[Catalog-sig] Flag to tell pip to only install uploaded files
pje at telecommunity.com
Sat Jun 23 02:58:28 CEST 2012
On Fri, Jun 22, 2012 at 8:21 PM, Aaron Meurer <asmeurer at gmail.com> wrote:
> I'm following up on a discussion on the pip mailing list
> where I was directed here.
> Would it be possible to add some kind of a flag to PyPI that would let
> package maintainers tell pip to install only the uploaded file (or
> possibly also the file given by a direct link), and no others?
> Currently, pip aggressively tries to find the latest version of a
> package by crawling all links on the PyPI page, even those from older
> versions. This is a headache to me as a package maintainer because it
> means that pip is quite often installing the wrong thing. Recently,
> pip was trying to install our html docs because we had a file uploaded
> at Google Code named "sympy-0.7.1-html-docs",
The simple way to correct this problem is to rename the file
'sympy-html-docs-0.7.1' - this will fix things for all installers that
follow easy_install's discovery protocol, including pip and zc.buildout.
> which it deemed to be a
> newer version than "sympy-0.7.1". There's also the issue that every
> time we put out a release candidate for a new version, pip starts
> installing that, when I would prefer it to only install stable final
> releases. It's also, as I noted on the other discussion list, a bit
> of a security risk.
zc.buildout includes a flag to prefer stable releases, and I believe some
other installation tools do as well. You might suggest they add such a
flag to pip and move towards using it by default.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Catalog-SIG