[Distutils] PEP 470 discussion, part 3

Donald Stufft donald at stufft.io
Fri Jul 25 15:34:14 CEST 2014


On July 25, 2014 at 9:29:14 AM, Richard Jones (r1chardj0n3s at gmail.com) wrote:
On 25 July 2014 15:21, Nick Coghlan <ncoghlan at gmail.com> wrote:
On 25 July 2014 23:13, Richard Jones <r1chardj0n3s at gmail.com> wrote:
> A variation on the above two ideas is to just record the *link* to the
> externally-hosted file from PyPI, rather than that file's content. It is
> more error-prone, but avoids issues of file ownership.

This is essentially what PEP 470 proposes, except that the link says
"this project is hosted on this external index, check there for the
relevant details" rather than having individual links for every
externally hosted version.

Well, not quite. The PEP proposes a link to a page for an index with arbitrary contents. The above would link only to packages for the /simple/ name in question.  A very small amount of protection against accidents but some protection nonetheless. Also, an installer does not need to go to that external index to find anything - everything is listed in the one place.


     Richard


This is still a second mechanism that users have to know and be aware of. The multi index support isn’t going away and it is the primary way to support things not hosted on PyPI in every situation *except* the “well I have a publicly available thing, but I don’t want to upload it to PyPI for whatever reason” case. As evidenced by the numbers I really don’t think that use case is a big enough use case to warrant it’s own special mechanisms. Especially given the fact that it forces some bad architecture on the installers.

-- 
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140725/e05e4b8c/attachment.html>


More information about the Distutils-SIG mailing list