[Distutils] [buildout] private eggs and egg repositories
Andreas Jung
lists at zopyx.com
Mon Nov 17 08:24:28 CET 2008
On 17.11.2008 8:17 Uhr, Chris Withers wrote:
> Andreas Jung wrote:
>>> Out on interest, how does buildout handle password-protected indexes?
>>
>> Unsupported - we trust our internal and external developers.
>
> Okay, but surely that means you can only expose that packaging server to
> a very limited set of people? If you can upload and download without
> restriction, then at most you can only expose it to an intranet of
> machines that need packages (what do you do if they're on more than one
> site with no linking vpn?) and even for developers, I guess they must
> have to be attached to some vpn to upload packages? Still, how do you
> stop clients that should only be reading packages (which I'm guessing is
> the majority) from uploading rogue packages?
>
The scope of haufe.eggserver is basically for internal development and
deployment only. So here security does not matter. Eggbasket obviously
provides support for restricting uploads on a per package basis as PyPI
does. However I did not get Eggbasket running.
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20081117/8479f6b2/attachment.vcf>
More information about the Distutils-SIG
mailing list