On 27 October 2013 14:13, Donald Stufft <don...@stufft.io> wrote: > > On Oct 26, 2013, at 11:59 PM, Donald Stufft <don...@stufft.io> wrote: > >> Ok here’s the real list: https://gist.github.com/dstufft/7177500 > > Quick note that this list is a list of projects that have *ever* used > dependency links on PyPI. Some of these projects are no longer > using them.
Am I correct in thinking that providing a flag to disable them completely will be enough to get ensurepip to behave itself? If so, then the bare minimum is to provide such a flag in the bundled versions of pip and setuptools and have ensurepip use it. I also think it is reasonable to continue offering a feature like dependency_links on an opt-in basis for controlled environments (I see it as analagous to the direct references feature in PEP 440). That would make the migration look something like: pip 1.5 (and associated minimum required version of setuptools): - add a disable switch for dependency link handling - add at least a per-project opt-in for dependency link handling (and perhaps a global opt-in) - deprecate implicit handling of dependency links pip 1.6: - dependency links are disabled by default, must opt-in to process them Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
