[Distutils] Please do not remove dependency_links
Marcus Smith
qwcode at gmail.com
Sat Jan 18 03:46:26 CET 2014
>
>
> Imposing backwards incompatible changes like this one, however well
> justified, always brings with it a certain responsibility to help users in
> managing the transition. In this case, I suspect a *separate* link scanning
> tool (which we can put as many security warnings on as you like) that
> generates a requirements.txt file may be a more appropriate approach than
> just telling users to use built packages on a private HTTP or PyPI server,
> since spinning up and maintaining new server infrastructure is often a much
> more challenging prospect in user environments than installing and using a
> new client tool.
>
so, instead of
pip install git+https://myrepo@master#egg=toplevelapp
it's this:
deplinks_scantool git+https://myrepo@master#egg=toplevelapp >
requirements.txt
pip install -r requirements.txt
the scan tool step is pretty hefty in that it's downloading and running
egg_info, but yes, I can see that being easier for some users than dealing
with packaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140117/10f8067b/attachment.html>
More information about the Distutils-SIG
mailing list