[Distutils] Specification for a local PyPI simple index

Donald Stufft donald at stufft.io
Mon Sep 9 17:11:02 CEST 2013 

On Sep 9, 2013, at 10:54 AM, Paul Moore <p.f.moore at gmail.com> wrote:

> Is the spec at http://peak.telecommunity.com/DevCenter/EasyInstall#package-index-api
> still the definitive version of what must be provided for a local PyPI
> index (for use by something like pip)? Or is there a more up to date
> version anywhere?

It might match what easy_install looks for but it's not up to date. I think it's
still written as if the simple index had not been created. That being said
it'll probably mostly work. One of my steps I want to do with warehouse
is actually get this codified.

> 
> For example, are MD5 signatures still the only supported version? I
> thought we were moving away from MD5. And while I haven't really
> followed the offsite hosting changes, are the
> rel="homepage"/rel="download" links still as stated? (I think I'd want
> rel="download" on everything as I only expect to provide URLs for
> actual package content).

MD5s are the only thing supported by PyPI but setuptools 0.9+ (I think?)
and pip 1.2+ support sha1, sha256, sha512, etc.

> 
> Also, how definitive is item 7, which states that the root URL must
> result in a page containing all projects, but it can be omitted if
> case-insensitive safe_name() matching of projects is implemented? The
> reason I ask is that providing a full listing will be somewhat costly
> in my application, but providing case-insensitive matching should be
> doable (actually, I'm not sure yet what's feasible, but I want to know
> whether it's worth my time even investigating).

This makes stuff like ``pip install django`` when the actual name is Django
work. As long as your url matches safe_name it should be fine.

> 
> I'm still thinking about design at the moment, so what I need is far
> from decided, but I want to be sure that I'm actually implementing the
> correct spec as a starting point!
> 
> Thanks,
> Paul
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130909/8117883b/attachment.sig>

More information about the Distutils-SIG mailing list