"Filip M. Noetzel" <[email protected]> schrieb: > (I'm replying out of band, [...]
I hope you don't mind if I send a copy of my reply back to the list, though. > I think wrote what you are describing in your post a few months ago: > > http://pypi.python.org/pypi/buildout-md5sums (Source at > https://github.com/peritus/buildout-md5sums ) It has a very similar purpose indeed. Nice to see that this is something I'm not the only one to want to have. Thank you for pointing it out! > I'd love feedback on it (I use it on a day-to-day basis for my buildouts, but > don't know other users). The problems I see with your approach: - Patching the download API is technically less than optimal. - Anchoring MD5 enforcement that deeply within the mechanics means that client code cannot decide whether its associated configuration needs to honour the allow-picked-downloads flag. I'm not sure whether that's a good thing or bad - that's part of what I'm hoping to discuss. I could imagine that one wants to enforce checksums for, e.g., source packages downloaded by a cmmi recipe while avoiding them for base configuration files downloaded by buildout itself. - As a less technical aspect, you might want to consider a more serious licence for your package if you hope for more wide-spread use. Thomas
signature.asc
Description: PGP signature
_______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
