[Catalog-sig] an immutable mirror of PyPI
M.-A. Lemburg
mal at egenix.com
Wed Jul 20 16:29:23 CEST 2011
> At 09:55 AM 7/20/2011 +0100, Chris Withers wrote:
>> On 20/07/2011 09:54, M.-A. Lemburg wrote:
>>> You mean: an extension that allow pinning versions
>>
>> buildout allows version pinning out of the box.
Right, but does it also allow pinning down the hashes to make
sure that the downloads are indeed the ones you expect ?
That would be essential to provide security for buildout-based
configurations that pull their data from servers not under
control of the buildout user.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jul 20 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
More information about the Catalog-SIG
mailing list