[Distutils] [buildout] private eggs and egg repositories

Andreas Jung lists at zopyx.com
Mon Nov 17 08:24:28 CET 2008

On 17.11.2008 8:17 Uhr, Chris Withers wrote:
> Andreas Jung wrote:
>>> Out on interest, how does buildout handle password-protected indexes?
>> Unsupported - we trust our internal and external developers.
> Okay, but surely that means you can only expose that packaging server to
> a very limited set of people? If you can upload and download without
> restriction, then at most you can only expose it to an intranet of
> machines that need packages (what do you do if they're on more than one
> site with no linking vpn?) and even for developers, I guess they must
> have to be attached to some vpn to upload packages? Still, how do you
> stop clients that should only be reading packages (which I'm guessing is
> the majority) from uploading rogue packages?

The scope of haufe.eggserver is basically for internal development and 
deployment only. So here security does not matter. Eggbasket obviously 
provides support for restricting uploads on a per package basis as PyPI 
does. However I did not get Eggbasket running.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20081117/8479f6b2/attachment.vcf>

More information about the Distutils-SIG mailing list