On 17.11.2008 8:17 Uhr, Chris Withers wrote:
Andreas Jung wrote:
Out on interest, how does buildout handle password-protected indexes?
Unsupported - we trust our internal and external developers.
Okay, but surely that means you can only expose that packaging server to
a very limited set of people? If you can upload and download without
restriction, then at most you can only expose it to an intranet of
machines that need packages (what do you do if they're on more than one
site with no linking vpn?) and even for developers, I guess they must
have to be attached to some vpn to upload packages? Still, how do you
stop clients that should only be reading packages (which I'm guessing is
the majority) from uploading rogue packages?
The scope of haufe.eggserver is basically for internal development and
deployment only. So here security does not matter. Eggbasket obviously
provides support for restricting uploads on a per package basis as PyPI
does. However I did not get Eggbasket running.
Andreas
begin:vcard
fn:Andreas Jung
n:Jung;Andreas
org:ZOPYX Ltd. & Co. KG
adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany
email;internet:[EMAIL PROTECTED]
title:CEO
tel;work:+49-7071-793376
tel;fax:+49-7071-7936840
tel;home:+49-7071-793257
x-mozilla-html:FALSE
url:www.zopyx.com
version:2.1
end:vcard
_______________________________________________
Distutils-SIG maillist - [email protected]
http://mail.python.org/mailman/listinfo/distutils-sig
