On Feb 5, 2013, at 8:02 AM, Holger Krekel <holger.kre...@gmail.com> wrote:
> On Tue, Feb 5, 2013 at 1:51 PM, Donald Stufft <donald.stu...@gmail.com> wrote: >> On Tuesday, February 5, 2013 at 5:16 AM, Lennart Regebro wrote: >>> 1. Packages should only be installed from the given package indexes. >>> No scraping of websites as at least easy_install/buildout does, no >>> downloading from external download links. A deprecation period for >>> this of a couple of months, to give package authors the chance to >>> upload their packages is probably necessary. >> >> PyPI will need to change for this to happen realistically if I recall. There >> is a >> hard limit on how large of a distribution can be uploaded to PyPI and there >> are, if I recall, valid distributions which are larger than that. >> >> >> Personally I want the installers to only install from PyPI so my suggestion >> if this is something that (the proverbial) we want to do, PyPI should gain >> some notion of a soft limit for distribution upload (to prevent against >> DoS) with the ability to increase that size limit for specific projects who >> can file a ticket w/ PyPI to have their limit increased. > > Dropping the crawling over external pages needs _much_ more than just a few > months deprecation warnings, rather years. There are many packages out > there, and it would break people's installations. As a random example, look > at http://pypi.python.org/simple/lockfile/ - it has its last release in 2010 > and 74K downloads from the 0.9 download url (going to code.google.com). > > I certainly agree, though, that the current client-side crawling is a > nuisance and makes for unreliability of installation procedures. I think we > should move the crawling to the server side and cache packages. I am > currently working on a prototype which does this (and a few other niceties). > It allows to keep all installers and packages working nicely, serving all > packages from one central place (cached on demand currently but that is a > policy issue). > > best, > holger Derived from the current pypi code base? > >> _______________________________________________ >> Catalog-SIG mailing list >> Catalog-SIG@python.org >> http://mail.python.org/mailman/listinfo/catalog-sig > > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
