Hey guys!

PyPI is moving towards the world of getting people to stop hosting stuff
via external links. It's been bad for us in the past and one of the
reasons for the existence of our mirror. pip 1.4 has an option to
disallow following external links, and in 1.5 it's going to be the
default behavior.

Looking forward, we have 5 pip packages that host their stuff
externally. If we have any pull with their authors, we should get them
to actually upload stuff to PyPI. If we don't, we should strongly
consider our use of these packages. As soon as pip 1.4 comes out, I
would like to, moving forward, restrict the addition of NEW requirements
that do not host on PyPI. (All 5 of these host insecurely as well, fwiw.)

The culprits are:

dnspython, lockfile, netifaces, psutil, pysendfile

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
