On Oct 8, 2014, at 7:03 AM, Paul Moore
wrote: On 8 October 2014 11:33, holger krekel
wrote: The use of --extra-index-url in PEP 470 is to show how someone would add one of the extra repositories for a project that is indexed on PyPI, which is again roughly as safe as installing from PyPI at all.
Then we are reading the sections i cite above very differently -- IMO you and the PEP generally push for multi-index ops without explaining the risks.
Maybe someone else can chime in.
Chiming in because you asked for other opinions, although I've not yet read to the end of the thread...
I read this section, and indeed the whole of the PEP, as basically saying:
1. We have a problem because PEP 438 didn't turn out so well in practice. 2. We have an existing mechanism (multi-index support). 3. The existing mechanism can be used as follows to better solve the problem PEP 438 tried to solve.
I don't see any "encouragement" to use multi-index support, other than in the specific case PEP 438 was aimed at. Obviously PEP 470 raises the profile of multi-index support, which might cause people to use it ill-advisedly in inappropriate situations, but that's not the fault of PEP 470, and I don't want to see PEP 470 filled with warnings about how *other* uses of multi-index support might be inappropriate, because that will distract from the core message that is "we can fix the external hosting issue without needing clients to add a new mechanism".
Paul
This is more or less exactly what I intend (and what I think it does) the PEP to say. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA