[Python-checkins] peps: Add additional reasons and explicitly reject the "next steps" of PEP 438
donald.stufft
python-checkins at python.org
Fri Jun 6 13:57:16 CEST 2014
http://hg.python.org/peps/rev/3128e9d38937
changeset: 5488:3128e9d38937
user: Donald Stufft <donald at stufft.io>
date: Fri Jun 06 07:57:08 2014 -0400
summary:
Add additional reasons and explicitly reject the "next steps" of PEP 438
files:
pep-0470.txt | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/pep-0470.txt b/pep-0470.txt
--- a/pep-0470.txt
+++ b/pep-0470.txt
@@ -389,6 +389,9 @@
hosted.
* Default to disallowing safely externally hosted files with only a global
flag to enable them, but disallow unsafely hosted.
+* Continue on the suggested path of PEP 438 and remove the option to unsafely
+ host externally but continue to allow the option to safely host externally.
+
These proposals are rejected because:
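Review bot: The added bullet ("Continue on the suggested path of PEP 438 ...") says "unsafely host externally" and "safely host externally", while the bullets directly above it say "safely externally hosted files" and "unsafely hosted". Since the rejection reasons that follow apply to every item in this list, the new bullet should use the same terms as its siblings, for example "remove unsafely externally hosted files but continue to allow safely externally hosted files". It also does not say which part of PEP 438 "the suggested path" refers to; a section reference would make clear exactly what is being rejected.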
@@ -454,6 +457,18 @@
or attempt to deploy to a server where their install will fail again until
they add the "make it work" flag in their configuration file.
+* The URL classification only works for a certain subset of projects, however
+ it does not allow for any project which needs additional restrictions such
+ as Access Controls. This means that there would be two methods of doing the
+ same thing, linking to a file safely and hosting an index. Hosting an index
+ works in all situations and by relying on this we make for a more consistent
+ experience no matter the reason for external hosting.
+
+* The safe external hosting option hampers the ability of PyPI to upgrade it's
+ security infrastructure. For instance if MD5 becomes broken in the future
+ there will be no way for PyPI to upgrade the hashes of the projects which
+ rely on safe external hosting via MD5 while files that are hosted on PyPI
+ can simply be processed over with a new hash function.
Copyright
=========
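Review bot: In the second added bullet, "if MD5 becomes broken in the future" does not say which property of the hash the argument depends on, and "can simply be processed over with a new hash function" is vague. Suggest stating it directly: PyPI can recompute a hash with a new function for any file it hosts, but has "no way ... to upgrade the hashes" of files that rely on safe external hosting via MD5. Two wording fixes in the same hunk: "it's security infrastructure" should be "its", and in the first added bullet "only works for a certain subset of projects, however it does not allow" is a comma splice that reads better as two sentences.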
--
Repository URL: http://hg.python.org/peps