On Aug 28, 2014, at 6:09 PM, Donald Stufft <donald@stufft.io> wrote:

On Aug 28, 2014, at 2:58 PM, Donald Stufft <donald@stufft.io> wrote:

Right now the “canonical” page for a particular project on PyPI is whatever the author happened to name their package (e.g. Django). This requires PyPI to have some "smarts" so that it can redirect things like /simple/django/ to /simple/Django/ otherwise someone doing ``pip install django`` would fall back to a much worse behavior.

If this redirect doesn't happen, then pip will issue a request for just /simple/ and look for a link that, when both sides are normalized, compares equal to the name it's looking for. It will then follow the link, get /simple/Django/ and everything works... Except it doesn't. The problem here comes from the external link classification that we have now. Pip sees the link to /simple/Django/ as an external link (because it lacks the required rels) and the installation finally fails.

The /simple/ case rarely happens when installing from PyPI itself because of the redirect, however it happens quite often when someone is attempting to install from a mirror instead. Even when everything works correctly the penalty for not knowing exactly what name to type in results in at least 1 extra http request, one of which (/simple/) requires pulling down a 2.1MB file.

To fix this I'm going to modify PyPI so that it uses the normalized name in the /simple/ URL and redirects everything else to the non-normalized name. I'm also going to submit a PR to bandersnatch so that it will use normalized names for its directories and such as well. These two changes will make it so that the client side will know ahead of time exactly what form the server expects any given name to be in. This will allow a change in pip to happen which will pre-normalize all names which will make the interaction with mirrors better and will reduce the number of HTTP requests that a single ``pip install`` needs to make.

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Hm, so here’s the problem.

I have this implemented and deployed to TestPyPI, it works great!

However, the next step is to make the change to bandersnatch so that it saves things using their normalized name instead of using their "proper" name. Doing this will trigger it so that everyone using pip 1.5 won't be able to install anything from that mirror unless its name is specified as the normalized name (e.g. ``pip install Django`` will fail without --allow-unverified but ``pip install django`` will work). This would be fixed with pip 1.6 (since it would know to "normalize" the name before fetching the URL).

The same thing will occur if we make the change in pip first, it would normalize names so you'd need to use --allow-unverified for everything because it would act as if you typed ``pip install django`` instead of ``pip install Django``.

To my knowledge, this *only* will affect pip 1.5.x.

So the only way forward I can see to make this change, which I think is a good change and will remove a big "gotcha" from using a mirror, is to coordinate a release of bandersnatch that coincides with pip 1.6, and tell people they need to upgrade in lockstep.

Does anyone have any other ideas?

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

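The lockstep problem described in the two messages above can be reproduced with a small model. This is an added example, not code from pip, PyPI or bandersnatch: `StaticMirror` and `resolve` are hypothetical names, the mirror is assumed to serve directories exactly as stored with no redirects, and the normalization rule is assumed to be the one later standardized in PEP 503, since the thread does not spell it out.

```python
import re

def normalize(name):
    # Assumption: PEP 503 rule; the thread only says names are "normalized".
    return re.sub(r"[-_.]+", "-", name).lower()

class StaticMirror:
    """Constructed model of a static mirror: no redirects, exact paths only."""
    def __init__(self, projects, normalized_dirs):
        self.dirs = {normalize(p) if normalized_dirs else p for p in projects}

    def get(self, path):
        if path == "/simple/":
            return sorted(self.dirs)          # the large full-index listing
        name = path[len("/simple/"):].strip("/")
        return name if name in self.dirs else None

def resolve(mirror, requested, client_normalizes, allow_unverified=False):
    """Return (outcome, http_requests) for one project lookup."""
    name = normalize(requested) if client_normalizes else requested
    requests = 1
    if mirror.get(f"/simple/{name}/") is not None:
        return ("ok", requests)               # direct hit, one request
    # Fallback from the thread: fetch /simple/ and compare normalized names.
    requests += 1
    wanted = normalize(name)
    match = next((d for d in mirror.get("/simple/") if normalize(d) == wanted), None)
    if match is None:
        return ("not-found", requests)
    # The index link lacks the required rels, so it is classified as external.
    if not allow_unverified:
        return ("blocked-external", requests)
    return ("ok", requests + 1)               # follow the link to the real page

if __name__ == "__main__":
    projects = ["Django"]                     # constructed sample data
    for mirror_norm in (False, True):
        for client_norm in (False, True):
            m = StaticMirror(projects, normalized_dirs=mirror_norm)
            for typed in ("Django", "django"):
                print(f"mirror_normalized={mirror_norm} client_normalizes={client_norm} "
                      f"typed={typed!r} -> {resolve(m, typed, client_norm)}")
```

Only the combination where both the mirror and the client normalize resolves every spelling in a single request; either side changing alone turns a previously working spelling into a blocked external link.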