On July 25, 2014 at 9:29:14 AM, Richard Jones (r1chardj0...@gmail.com) wrote:
On 25 July 2014 15:21, Nick Coghlan <ncogh...@gmail.com> wrote:
On 25 July 2014 23:13, Richard Jones <r1chardj0...@gmail.com> wrote:
> A variation on the above two ideas is to just record the *link* to the
> externally-hosted file from PyPI, rather than that file's content. It is
> more error-prone, but avoids issues of file ownership.
This is essentially what PEP 470 proposes, except that the link says
"this project is hosted on this external index, check there for the
relevant details" rather than having individual links for every
externally hosted version.
Well, not quite. The PEP proposes a link to a page for an index with arbitrary
contents. The above would link only to packages for the /simple/ name in
question. A very small amount of protection against accidents but some
protection nonetheless. Also, an installer does not need to go to that external
index to find anything - everything is listed in the one place.
Richard
This is still a second mechanism that users have to know and be aware of. The
multi index support isn’t going away and it is the primary way to support
things not hosted on PyPI in every situation *except* the “well I have a
publicly available thing, but I don’t want to upload it to PyPI for whatever
reason” case. As evidenced by the numbers I really don’t think that use case is
a big enough use case to warrant it’s own special mechanisms. Especially given
the fact that it forces some bad architecture on the installers.
--
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
