On 25 July 2014 15:21, Nick Coghlan <ncogh...@gmail.com> wrote:
> On 25 July 2014 23:13, Richard Jones <r1chardj0...@gmail.com> wrote:
> > A variation on the above two ideas is to just record the *link* to the
> > externally-hosted file from PyPI, rather than that file's content. It is
> > more error-prone, but avoids issues of file ownership.
>
> This is essentially what PEP 470 proposes, except that the link says
> "this project is hosted on this external index, check there for the
> relevant details" rather than having individual links for every
> externally hosted version.
>
Well, not quite. The PEP proposes a link to a page for an index with
arbitrary contents. The above would link only to packages for the /simple/
name in question. A very small amount of protection against accidents but
some protection nonetheless. Also, an installer does not need to go to that
external index to find anything - everything is listed in the one place.
Richard
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
