[Catalog-sig] Use user-specific site-packages by default?
Holger Krekel
holger.krekel at gmail.com
Tue Feb 5 14:07:26 CET 2013
On Tue, Feb 5, 2013 at 2:05 PM, Jesse Noller <jnoller at gmail.com> wrote:
>
>
> On Feb 5, 2013, at 8:02 AM, Holger Krekel <holger.krekel at gmail.com> wrote:
>
> On Tue, Feb 5, 2013 at 1:51 PM, Donald Stufft <donald.stufft at gmail.com>wrote:
>
>> On Tuesday, February 5, 2013 at 5:16 AM, Lennart Regebro wrote:
>>
>> 1. Packages should only be installed from the given package indexes.
>> No scraping of websites as at least easy_install/buildout does, no
>> downloading from external download links. A deprecation period for
>> this of a couple of months, to give package authors the chance to
>> upload their packages is probably necessary.
>>
>> PyPI will need to change for this to happen realistically if I recall.
>> There is a
>> hard limit on how large of a distribution can be uploaded to PyPI and
>> there
>> are, if I recall, valid distributions which are larger than that.
>>
>>
>>
> Personally I want the installers to only install from PyPI so my suggestion
>> if this is something that (the proverbial) we want to do, PyPI should gain
>> some notion of a soft limit for distribution upload (to prevent against
>> DoS) with the ability to increase that size limit for specific projects
>> who
>> can file a ticket w/ PyPI to have their limit increased.
>>
>>
> Dropping the crawling over external pages needs _much_ more than just a
> few months deprecation warnings, rather years. There are many packages
> out there, and it would break people's installations. As a random example,
> look at http://pypi.python.org/simple/lockfile/ - it has its last release
> in 2010 and 74K downloads from the 0.9 download url (going to
> code.google.com).
>
> I certainly agree, though, that the current client-side crawling is a
> nuisance and makes for unreliability of installation procedures. I think
> we should move the crawling to the server side and cache packages. I am
> currently working on a prototype which does this (and a few other
> niceties). It allows to keep all installers and packages working nicely,
> serving all packages from one central place (cached on demand currently but
> that is a policy issue).
>
> best,
> holger
>
>
> Derived from the current pypi code base?
>
>
No. Using it as a reference rather, and rewritten with a TDD approach,
can't help it :)
holger
>
>
>
>> _______________________________________________
>> Catalog-SIG mailing list
>> Catalog-SIG at python.org
>> http://mail.python.org/mailman/listinfo/catalog-sig
>>
>>
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130205/55e26e9f/attachment-0001.html>
More information about the Catalog-SIG
mailing list