On Wednesday, February 27, 2013 at 7:20 PM, PJ Eby wrote: > On Wed, Feb 27, 2013 at 4:50 PM, Donald Stufft <donald.stu...@gmail.com > (mailto:donald.stu...@gmail.com)> wrote: > > Development snapshots are a use case that i'm not sure makes sense > > for PyPI, but if they do should require specific opt-in to install them. > > Does easy_install have a command line flag that adds extra links? > > > > > *chuckle*. Yes, it's the original source of the --find-links option, > emulated in pip to ease migration. > >
I guessed as much, but I don't remember easy_install all that well, it's been awhile since I used it. > > > can your instructions simply state to do the equivalent of > > `pip install --find-links=http://setuptools.com/dev-snapshopts/`? > > > > > The problem with find-links is that if you push them off of PyPI, they > have to go somewhere else, which is setuptools' "dependency-links" > feature. Now you have an even *harder* problem to update or remove > those links, because they're not under the control of the author nor > visible on PyPI. > > Why would they go in dependency-links? I mean I understand that people might do that to remove the need to direct their users to enter a full url. But that is outside of the realm of PyPI at that point and can be fixed in the tooling. easy_install / pip / buildout / etc should *never* fetch anything outside of PyPI without the *user* (not the package author) directing them to that url, either directly via tarball, or implicitly with --index-url/--find-links and PyPI shouldn't make that an exposed part of the workflow. > > > > Alternatively I would like to get the tooling smarter about not installing > > pre-release versions unless asked as well. > > > > > Yes, and that discussion doesn't have much to do with PyPI per se, > because again, it's up to the tools. > >
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
