[Catalog-sig] Flag to tell pip to only install uploaded files

Richard Jones richard at python.org
Thu Jul 5 04:18:32 CEST 2012


On 23 June 2012 10:21, Aaron Meurer <asmeurer at gmail.com> wrote:
> There's also the issue that every
> time we put out a release candidate for a new version, pip starts
> installing that, when I would prefer it to only install stable final
> releases.  It's also, as I noted on the other discussion list, a bit
> of a security risk.
>
> According to the pip guys (namely, Carl Meyer), this is not so easy to
> change from their end because of backwards compatibility issues.  I
> suggested that such a flag be added to PyPI, and they told me that if
> it were, they would accept a patch supporting it in pip.  This would
> make it much less of a headache for me as a package maintainer,
> because I could know that pip will always install exactly what I want.
> It could be off by default to enable backwards compatibility.

Just to be clear, what's being proposed is some way to flag a release
on PyPI as being "stable" (or some other release as "unstable")? Then
a tool such as pip could prefer a stable release over an unstable
release while scraping download links from PyPI and all related pages?
How would this flag be presented to pip? How would a package
maintainer manage it?

Just a thought on the version number precedence rules: would using
"sympy-rc1-0.7.1" rather than "sympy-0.7.1-rc1" (i.e. your version is
"rc1-0.7.1" instead of "0.7.1-rc1") work? It's a hack, I know, but I
had another look at the easy_install docs page and it's not clear to
me whether that would work. I think it might because it uses the same
basic work-around as the sympy-docs-html file.


     Richard

