Something that's come up recently in the Debian Python mailing list is setuptools/distribute's habit of downloading *_requires packages (e.g. install_requires) when they are not available locally. This causes us problems because dependencies are defined in two places. They are defined in setup.py by the upstream package author, and in the debian/control file by the OS packager. Generally, this is okay because we can generate debian/control from setup.py -- though it does take some manual intervention to keep things in sync. This came up in the context of always enabling tests when we build the OS package. The problem arises if the two dependency lists are out of sync. For example, your setup.py depends on 'foo' but the Debian 'python-foo' package is not installed. In this case, during the build process, 'foo' would get downloaded from the Cheeseshop and this would mask a bug in the debian/control file (since any listed in debian/control would get installed from the archive and thus be available by the time setuptools/distribute runs). The question is: what's the best way for us Debian packagers to absolutely prevent download from Cheeseshop? We would much rather have setuptools/distribute spew an error and stop, because then we'd fix debian/control and ensure that all the package's dependencies came from the OS archive instead of external resources. One way that seems to work is to add this to setup.cfg: [easy_install] allow_hosts: www.example.com This will break the download by limiting acceptable hosts to bogus ones that can't possibly satisfy the requirement. But it's unsatisfying for several reasons: * It's obscure and doesn't really describe what we're trying to do ('fixable' I suppose by a comment) * Requires the Debian packager to add a setup.cfg or modify an existing one in the upstream package. Note that I thought this might also work, but it does not afaict: [easy_install] no_deps: true So, do you have any suggestions for a better way to say "never download dependencies" for a particular package, or class of packages. Ideally, there'd be one file we could modify, e.g. /etc/distribute.cfg that would allow us to prevent downloading globally for all system provided packages, but would still allow downloading for local development packages, e.g. via virtualenv. Thoughts are welcome, but also perhaps we can discuss further at the Pycon sprint. Cheers, -Barry