[Catalog-sig] A 90% Solution

Lennart Regebro regebro at gmail.com
Tue Mar 12 06:20:20 CET 2013


On Tue, Mar 12, 2013 at 12:04 AM, PJ Eby <pje at telecommunity.com> wrote:
> Just a thought, but...
>
> If 90% of PyPI projects do not have any external files to download,
> then, wouldn't it make sense to:
>
> 1. Add a project-level option to enable or disable the adding of the
> rel="" attribute to /simple links (but not affecting the links in any
> other way)
> 2. Default it to disabled for new projects, and
> 3. Set it to disabled *now* for the 90% of projects that *don't have
> external files*?

That doesn't solve the problem, but it would make easy_install faster, so +1

> Immediately, 90% of the problem goes away

That's not 90% of the problem. The problem with externally hosted
files is not primarily that easy_install gets slower.

> stuff that doesn't contain a link now, but which could be taken over
> by a malicious party in the future, and 90% fewer sites having to be
> up in order for you to build something from PyPI.

Well, if the sites that do not contain the packages are down, that
only results in the build being *really* slow, it doesn't fail. It's when
the sites which *are* hosting packages are down that the build fails.

//Lennart

