[Distutils] [buildout] private eggs and egg repositories

Chris Withers chris at simplistix.co.uk
Mon Nov 17 08:17:09 CET 2008


Andreas Jung wrote:
>> Out of interest, how does buildout handle password-protected indexes?
> 
> Unsupported - we trust our internal and external developers.

Okay, but surely that means you can only expose that packaging server to 
a very limited set of people? If you can upload and download without 
restriction, then at most you can only expose it to an intranet of 
machines that need packages (what do you do if they're on more than one 
site with no linking vpn?) and even for developers, I guess they must 
have to be attached to some vpn to upload packages? Still, how do you 
stop clients that should only be reading packages (which I'm guessing is 
the majority) from uploading rogue packages?

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

