[Catalog-sig] Deprecate External Links

Monty Taylor mordred at inaugust.com
Wed Feb 27 22:07:42 CET 2013



On 02/27/2013 04:04 PM, Lennart Regebro wrote:
> On Wed, Feb 27, 2013 at 8:49 PM, Monty Taylor <mordred at inaugust.com> wrote:
>>> But wouldn't this only be a change in pip/easy_install, not PyPI
>>> itself? I suppose you could explicitly break the external links by
>>> having them point to nothing if you are worried about the security or
>>> if it's some performance issue (that would indeed be a bad
>>> compatibility break, in case people are using those for other
>>> purposes).  Otherwise, if it's a problem, then just use the old
>>> version of pip.
>>
>> If we don't remove the feature from pypi itself
> 
> It isn't a feature of PyPI. PyPI doesn't require you to upload the
> files to PyPI. For that reason, easy_install and PIP will scrape
> external sites to be able to download the files.
> 
> What we should do is agree that this should stop, and add a deprecation
> warning to pip and easy_install and after some pre-determined time
> remove the feature from easy_install and pip.

Good point.

>> folks for whom it's a problem, because there will be no incentive for the
>> folks hosting their software that way to actually upload their stuff to
>> PyPI
> 
> Yes there will be: Everyone mailing them to tell them their software
> is broken and can't be installed with easy_install and pip. That's
> going to be very annoying very fast. ;-)

++



We could also write an easy utility that a maintainer could run on their
project like:

suck_in my_package

Which would query current pypi for a list of available releases of
my_package, then post them as a direct upload to pypi and finally remove
the external link. That way, once someone annoys them, there's an easy
answer of how to migrate.
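
An added example, not part of the original message or of any PyPI tool: a sketch of the first step such a migration utility would need, sorting the links on a project's index page into files already hosted on the index, off-index files that would have to be uploaded, and pages an installer would scrape. The page markup (`rel="homepage"` / `rel="download"`), the host names and the function names are assumptions made for illustration, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample of a project index page; hosts and file names are made up.
SAMPLE_PAGE = """
<html><body>
<a href="../../packages/source/m/my_package/my_package-1.0.tar.gz#md5=0123456789abcdef0123456789abcdef">my_package-1.0.tar.gz</a>
<a href="http://downloads.example.org/my_package-1.1.tar.gz">my_package-1.1.tar.gz</a>
<a href="http://example.org/my_package/" rel="homepage">1.1 home_page</a>
<a href="http://example.org/dl/" rel="download">1.1 download_url</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects (href, rel) for every anchor tag on the page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            if a.get("href"):
                self.links.append((a["href"], a.get("rel") or ""))

def plan_migration(page_html, page_url, index_host):
    """Classify index links (hypothetical helper, assumed page layout)."""
    collector = LinkCollector()
    collector.feed(page_html)
    plan = {"hosted": [], "upload": [], "scraped_pages": []}
    for href, rel in collector.links:
        url = urljoin(page_url, href)      # resolve relative hrefs
        parts = urlparse(url)
        if rel in ("homepage", "download"):
            plan["scraped_pages"].append(url)   # installer would crawl these
        elif parts.hostname == index_host:
            plan["hosted"].append(url)          # already a direct upload
        else:
            # Off-index file: record whether the link carries a digest fragment.
            plan["upload"].append((url, bool(parts.fragment)))
    return plan

if __name__ == "__main__":
    plan = plan_migration(SAMPLE_PAGE, "https://pypi.example/simple/my_package/", "pypi.example")
    for kind, items in plan.items():
        print(kind, items)
```

Entries under `upload` flagged `False` have no digest in the link, so a downloaded copy could not be checked against anything the index published.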

