[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Laurence Rowe l at lrowe.co.uk
Thu Jun 17 18:19:03 CEST 2010

M.-A. Lemburg wrote:
> If such external links are a problem for zc.buildout, why don't
> you add an option to zc.buildout that prevents using such
> packages ?
> This is well possible by checking the /simple index entry
> for links to package download files:
> http://pypi.python.org/simple/python-openid/
> vs.
> http://pypi.python.org/simple/zc.buildout/
> BTW: what are all those bug links doing on the zc.buildout index page ?
> They look a lot like a good possibility for injecting trojans.

That's an artefact of setuptools looking for downloadable packages from the
download_url or any url linked from the description. If all packages were
uploaded to pypi, the simple index would be much simpler.

View this message in context: http://old.nabble.com/-Proposal--Registered-packages-must-provide-the-source-code-distribution-on-PyPI-tp28910327p28916555.html
Sent from the Python - catalog-sig mailing list archive at Nabble.com.

More information about the Catalog-SIG mailing list