>
>
> Imposing backwards incompatible changes like this one, however well
> justified, always brings with it a certain responsibility to help users in
> managing the transition. In this case, I suspect a *separate* link scanning
> tool (which we can put as many security warnings on as you like) that
> generates a requirements.txt file may be a more appropriate approach than
> just telling users to use built packages on a private HTTP or PyPI server,
> since spinning up and maintaining new server infrastructure is often a much
> more challenging prospect in user environments than installing and using a
> new client tool.
>
so, instead of
pip install git+https://myrepo@master#egg=toplevelapp
it's this:
deplinks_scantool git+https://myrepo@master#egg=toplevelapp >
requirements.txt
pip install -r requirements.txt
the scan tool step is pretty hefty in that it's downloading and running
egg_info, but yes, I can see that being easier for some users than dealing
with packaging
_______________________________________________
Distutils-SIG maillist - [email protected]
https://mail.python.org/mailman/listinfo/distutils-sig
