On Tue, Feb 5, 2013 at 2:05 PM, Jesse Noller <jnol...@gmail.com> wrote:
> > > On Feb 5, 2013, at 8:02 AM, Holger Krekel <holger.kre...@gmail.com> wrote: > > On Tue, Feb 5, 2013 at 1:51 PM, Donald Stufft <donald.stu...@gmail.com>wrote: > >> On Tuesday, February 5, 2013 at 5:16 AM, Lennart Regebro wrote: >> >> 1. Packages should only be installed from the given package indexes. >> No scraping of websites as at least easy_install/buildout does, no >> downloading from external download links. A deprecation period for >> this of a couple of months, to give package authors the chance to >> upload their packages is probably necessary. >> >> PyPI will need to change for this to happen realistically if I recall. >> There is a >> hard limit on how large of a distribution can be uploaded to PyPI and >> there >> are, if I recall, valid distributions which are larger than that. >> >> >> > Personally I want the installers to only install from PyPI so my suggestion >> if this is something that (the proverbial) we want to do, PyPI should gain >> some notion of a soft limit for distribution upload (to prevent against >> DoS) with the ability to increase that size limit for specific projects >> who >> can file a ticket w/ PyPI to have their limit increased. >> >> > Dropping the crawling over external pages needs _much_ more than just a > few months deprecation warnings, rather years. There are many packages > out there, and it would break people's installations. As a random example, > look at http://pypi.python.org/simple/lockfile/ - it has its last release > in 2010 and 74K downloads from the 0.9 download url (going to > code.google.com). > > I certainly agree, though, that the current client-side crawling is a > nuisance and makes for unreliability of installation procedures. I think > we should move the crawling to the server side and cache packages. I am > currently working on a prototype which does this (and a few other > niceties). It allows to keep all installers and packages working nicely, > serving all packages from one central place (cached on demand currently but > that is a policy issue). > > best, > holger > > > Derived from the current pypi code base? > > No. Using it as a reference rather, and rewritten with a TDD approach, can't help it :) holger > > > >> _______________________________________________ >> Catalog-SIG mailing list >> Catalog-SIG@python.org >> http://mail.python.org/mailman/listinfo/catalog-sig >> >> > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig > >
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig