[Distutils] [buildout] private eggs and egg repositories
lists at zopyx.com
Mon Nov 17 08:24:28 CET 2008
On 17.11.2008 8:17 Uhr, Chris Withers wrote:
> Andreas Jung wrote:
>>> Out on interest, how does buildout handle password-protected indexes?
>> Unsupported - we trust our internal and external developers.
> Okay, but surely that means you can only expose that packaging server to
> a very limited set of people? If you can upload and download without
> restriction, then at most you can only expose it to an intranet of
> machines that need packages (what do you do if they're on more than one
> site with no linking vpn?) and even for developers, I guess they must
> have to be attached to some vpn to upload packages? Still, how do you
> stop clients that should only be reading packages (which I'm guessing is
> the majority) from uploading rogue packages?
The scope of haufe.eggserver is basically for internal development and
deployment only. So here security does not matter. Eggbasket obviously
provides support for restricting uploads on a per package basis as PyPI
does. However I did not get Eggbasket running.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316 bytes
Desc: not available
More information about the Distutils-SIG