[Catalog-sig] Flag to tell pip to only install uploaded files

Carl Meyer carl at oddbird.net
Thu Jul 5 21:22:54 CEST 2012

On 07/04/2012 11:00 PM, Donald Stufft wrote:
> On Thursday, July 5, 2012 at 12:43 AM, Aaron Meurer wrote:
>> I think the cleanest way would be to just have a way to tell pip to
>> only install the files that are uploaded to PyPI (alternately, files
>> from a direct download link). In other words, I want to force
>> pip/easy_install to *not* do any link scraping.
> Sounds like something that honestly belongs in pip.
> Something like ``pip --disable-external``.
> Possibly something like ``pip --only-stable`` or something (if versions
> can be parsed by PEP 345?).

I don't have any objection to a flag in pip to disable crawling off the
index domain (this is a hard security requirement for some users, and
something pip ought to have), but it doesn't at all meet Aaron's desire
as a package maintainer to be able to make this happen *by default* for
everyone pip-installing his package.


More information about the Catalog-SIG mailing list