[Distutils] [buildout] private eggs and egg repositories

Chris Withers chris at simplistix.co.uk
Mon Nov 17 08:17:09 CET 2008

Andreas Jung wrote:
>> Out on interest, how does buildout handle password-protected indexes?
> Unsupported - we trust our internal and external developers.

Okay, but surely that means you can only expose that packaging server to 
a very limited set of people? If you can upload and download without 
restriction, then at most you can only expose it to an intranet of 
machines that need packages (what do you do if they're on more than one 
site with no linking vpn?) and even for developers, I guess they must 
have to be attached to some vpn to upload packages? Still, how do you 
stop clients that should only be reading packages (which I'm guessing is 
the majority) from uploading rogue packages?



Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

More information about the Distutils-SIG mailing list