[Catalog-sig] Deprecate External Links

Donald Stufft donald.stufft at gmail.com
Wed Feb 27 21:01:16 CET 2013 

On Wednesday, February 27, 2013 at 2:56 PM, Aaron Meurer wrote:
> On Wed, Feb 27, 2013 at 12:49 PM, Monty Taylor <mordred at inaugust.com (mailto:mordred at inaugust.com)> wrote:
> > 
> > 
> > On 02/27/2013 02:47 PM, Aaron Meurer wrote:
> > > On Wed, Feb 27, 2013 at 11:37 AM, holger krekel <holger at merlinux.eu (mailto:holger at merlinux.eu)> wrote:
> > > > On Wed, Feb 27, 2013 at 19:34 +0100, Lennart Regebro wrote:
> > > > > On Wed, Feb 27, 2013 at 5:34 PM, M.-A. Lemburg <mal at egenix.com (mailto:mal at egenix.com)> wrote:
> > > > > > I'm not saying that it's not a good idea to host packages on PyPI,
> > > > > > but forcing the community into doing this is not a good idea.
> > > > > > 
> > > > > 
> > > > > 
> > > > > I still don't understand why not. The only reasons I've seen are
> > > > > "Because they don't want to" or "because they don't trust PyPI". And
> > > > > in the latter case I'm assuming they wouldn't use PyPI at all.
> > > > > 
> > > > > And of course, nobody is forcing anyone, just like nobody is forcing
> > > > > you to use PyPI. :-)
> > > > > 
> > > > 
> > > > 
> > > > I understood there is the idea to disable external links within a couple
> > > > of months. That does break backward compatibility in a considerable way.
> > > > 
> > > > holger
> > > 
> > > But wouldn't this only be a change in pip/easy_install, not PyPI
> > > itself? I suppose you could explicitly break the external links by
> > > having them point to nothing if you are worried about the security or
> > > if it's some performance issue (that would indeed be a bad
> > > compatibility break, in case people are using those for other
> > > purposes). Otherwise, if it's a problem, then just use the old
> > > version of pip.
> > > 
> > 
> > 
> > If we don't remove the feature from pypi itself, then it won't help the
> > folks for whom its a problem, because there will be no incentive for the
> > folks hosting their software that way to actually upload their stuff to
> > PyPI - which means that client-side disabling of external_links is
> > fairly likely to never be usable.
> > 
> 
> 
> How would you remove it from PyPI itself? Would that just require
> changing some urls, so that pip doesn't know where to find stuff any
> more?
> 
> 

Modify the PyPI software to no longer link to those urls. 
> 
> Sorry if this is obvious. I'm not a pip/PyPI developer. Just a
> package maintainer who has been irked several times by
> pip's/PyPI's/easy_install's idiotic external links policy.
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130227/58f495bd/attachment.html>

More information about the Catalog-SIG mailing list