On Thu, 08 May 2014 10:11:39 -0400, "R. David Murray" <rdmur...@bitdance.com> wrote: > On Thu, 08 May 2014 09:58:08 -0400, Donald Stufft <don...@stufft.io> wrote: > > I don't think the warning is FUD, and it doesn't mention anything security > > related at all. The exact text of the warning is in the subject of the email > > here: > > > > cdecimal an externally hosted file and may be unreliable > > > > Which is true as far as I can tell, it is externally hosted, and it may be > > unreliable[1]. If there is a better wording for that IâÂÂm happy to have > > it and > > will gladly commit it myself to pip. > > > > [1] In my experience dealing with complaints of pip's users, one of their > > big > > ones was that some dependency they use was, typically unknown to them, > > hosted externally and they found out it was hosted externally because > > the > > server it was hosted on went down. > > "unreliable" reads as "not safe", ie: insecure. > > You probably want something like "and access to it may be unreliable".
Actually, thinking about this some more, *most* end-users aren't going to care that there's another point of failure here, they only care if it works or not when they try to install it. So something like "cdecimal is not hosted on pypi; download may fail if external server is unavailable" might be clearer. And once you're at that point, as a user I'm going to grumble, "Well, why the heck didn't you just try?", as I figure out how to re-execute the command so that it does try. --David
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
