[Distutils] [buildout] hard coded urls considered harmful

Chris Withers chris at simplistix.co.uk
Fri Oct 9 18:22:46 CEST 2009

Jim Fulton wrote:
> On Fri, Oct 9, 2009 at 11:08 AM, Chris Withers <chris at simplistix.co.uk> wrote:
>> Hi All,
>> bootstrap.py contains the following hard coded url:
>> exec urllib2.urlopen('http://peak.telecommunity.com/dist/ez_setup.py'
>>                     ).read() in ez
>> With hindsight, this seems like a bad idea.
> I don't see a good alternative.

At least having it overrideable on the command line and/or by an 
environment variable would be the way forward...

>> My suggestion would be for bootstrap.py to include the code in ez_setup.py,
>> but that seems a little heavyweight.
> ez_setup.py has a hard coded URL too.

Indeed, but that uses the advertised public APIs of PyPI, which I have a 
little more faith in. But yes, this whole business of hardcoding 
download urls is brittle and annoying. What's needed to make it no 
longer necessary? stdlib support for downloading a package from an 
index, with PyPI as the default?


Simplistix - Content Management, Batch Processing & Python Consulting
            - http://www.simplistix.co.uk

More information about the Distutils-SIG mailing list