[Catalog-sig] an immutable mirror of PyPI
P.J. Eby
pje at telecommunity.com
Wed Jul 20 16:09:44 CEST 2011
At 09:55 AM 7/20/2011 +0100, Chris Withers wrote:
>On 20/07/2011 09:54, M.-A. Lemburg wrote:
>>You mean: an extension that allow pinning versions
>
>buildout allows version pinning out of the box.
>
>>just one that checks the downloads against the hashes provided by
>>the index server (if it does) ?
>
>yes, I think, but I'm not 100%
Buildout uses setuptools, and setuptools checks the hashes provided
by the index server. So, by default, buildout is probably checking them.
More information about the Catalog-SIG
mailing list