[Distutils] setuptools for people behind a firewall

Paul Moore p.f.moore at gmail.com
Tue Jul 12 10:50:17 CEST 2005

On 7/12/05, Phillip J. Eby <pje at telecommunity.com> wrote:
> At 04:58 PM 7/11/2005 +0100, Paul Moore wrote:
> >I've just had a look at the new documentation for setuptools. I've not
> >read it all in detail yet, but one thing struck me regarding the
> >"automatically download dependencies" feature.
> >
> >It isn't going to work for people (like me) stuck behind a firewall
> >that Python doesn't support (Windows NTLM based firewall). Obviously,
> >setuptools is never going to be able to resolve a situation like this,
> >nor would I expect it to.
> Have you tried APS?  (i.e., http://ntlmaps.sf.net/ )  Its pages seem to
> suggest it can authenticate to NTLM proxy servers like the one you're
> dealing with, and it sounds like a general-purpose solution to the proxying
> problem.  The only issue is that you'd need to configure your system such
> that urllib considers the APS address to be the proxy to use, but then
> *all* Python apps (or any app that reads the same proxy configuration) will
> be able to get out past the firewall.

Yes, I have used APS and it is a reasonably good workaround. However,
there is a definite disadvantage, in that it isn't set up to be
launched as a service on Windows, which means that I can't have it
"always running" (actually, having a permanently running proxy
probably isn't that good an idea - I'm not enough of a security expert
to be sure I haven't left a hole by doing so). So it tends to be left
around, to run "when needed", which in practice means that when I do
need it (pretty infrequently) I have to remember where it is, how to
start it, etc etc.

All of the above is fixable, but I don't have the time to do so, and
the project seems pretty static, so I don't expect this sort of
usability improvement to come from the project.

But yes, I'll keep it in mind as an option.

> This is potentially possible, but EasyInstall's PyPI searches and
> SourceForge download support need to be able to detect the MIME type
> of an HTTP response in order to decide whether it has an HTML page or not.

curl -i includes the HTTP headers. But I understand that it's
additional work for a very limited requirement, and there's a more
general workaround available, so that's OK. Thanks for the


More information about the Distutils-SIG mailing list