[Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

Nick Coghlan ncoghlan at gmail.com
Sat May 10 13:57:22 CEST 2014


On 10 May 2014 08:03, "Paul Moore" <p.f.moore at gmail.com> wrote:
>
> On 9 May 2014 22:33, Donald Stufft <donald at stufft.io> wrote:
> > On the flip side option (A) allows us to make this much simpler overall. We
> > can simply do:
> >
> >     If it's hosted on PyPI:
> >         Trust it.
> >     else if it's not hosted on PyPI:
> >         Require a --allow-external-and-unverifiable [*]
> >
> > This is *much*, *much*, *much* easier to explain, and I think it may be a good
> > idea ala the Zen.
> [...]
> > Actually my opinion is that allowing external+safe files by default is not
> > going to have any meaningful impact to *any* (or at the very least, 99.9%) of
> > pip's users.
>
> Thank you for the detailed explanation (most of which I trimmed). I am
> now 100% convinced of what you're saying.
>
> As to the option name, I think that --allow-external makes sense. It
> describes what we're doing, and we can explain why it is opt-in on the
> basis that (something like):
>
> """
> There are a number of issues with off-PyPI downloads. Apart from the
> fact that the infrastructure team cannot provide support for such
> downloads, nearly all such downloads are not verifiable, and hence
> represent a risk to the user. There is a mechanism for verifying
> off-PyPI downloads, but only a tiny minority of packages (around
> 0.05%) use it, and as the reliability issues still exist, opt-in
> remains the correct default.
> """
>
> If there's a sudden growth in safe off-PyPI downloads, we could add an
> --allow-safe-external option that allowed *all* safe off-PyPI links
> (it's not worth having a per-package option, IMO). But I doubt it'll
> ever be needed.

Actually, I expect folks like Stefan & MvL would likely want to be able to
preserve the current "--allow-external" behaviour. The change Donald is
suggesting could then just be a matter of renaming the current
"--allow-external" to "--allow-safe-external", and making
"--allow-external" and "--allow-unverifiable" synonyms.

The error messages would still recommend "--allow-external", since that is
likely what would be needed to solve any installation problems related to
externally hosted files.

Cheers,
Nick.
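As an added example (not code from this thread, and not pip's implementation), the following Python script models the PEP 438 distinction the thread is arguing over: a file link on a project's /simple/ page is either hosted on PyPI, external but verifiable (a hash fragment recorded on the index page), or external and unverifiable (no hash, or reachable only by crawling a rel="homepage"/rel="download" page). It then applies the flag scheme Nick proposes above: PyPI-hosted files are always allowed, "--allow-safe-external" admits verifiable external files, and "--allow-external" (synonym "--allow-unverifiable") admits everything for that project. The PyPI host list, the sample index page and the file contents are constructed assumptions.

```python
"""Link classification and hosting policy in the spirit of PEP 438.

Added example for this page; it is not pip's code.  The PyPI host list, the
sample index page and the file contents below are constructed assumptions.
"""
import hashlib
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urldefrag, urlparse

# Assumption: hostnames treated as "hosted on PyPI".
PYPI_HOSTS = {"pypi.python.org", "pypi.org", "files.pythonhosted.org"}


@dataclass(frozen=True)
class Link:
    url: str             # href with the hash fragment removed
    hosted_on_pypi: bool
    verifiable: bool     # on PyPI, or external with a hash recorded on the index page
    hash_name: str = ""
    hash_value: str = ""


class SimpleIndexParser(HTMLParser):
    """Collect (href, rel) pairs from every <a> on a /simple/ page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = dict(attrs)
        if attrs.get("href"):
            self.links.append((attrs["href"], (attrs.get("rel") or "").lower()))


def classify(href, rel):
    """Apply the PEP 438 distinction: PyPI-hosted, external-but-verifiable
    (hash fragment on the index page), or external-and-unverifiable
    (no hash, or reachable only by crawling a rel=homepage/download page)."""
    url, fragment = urldefrag(href)
    host = urlparse(url).hostname or ""
    name, _, value = fragment.partition("=")
    has_hash = name in hashlib.algorithms_available and bool(value)
    on_pypi = host in PYPI_HOSTS
    crawl_target = rel in ("homepage", "download")
    verifiable = on_pypi or (has_hash and not crawl_target)
    return Link(url, on_pypi, verifiable,
                name if has_hash else "", value.lower() if has_hash else "")


def parse_index(html):
    parser = SimpleIndexParser()
    parser.feed(html)
    return [classify(href, rel) for href, rel in parser.links]


def allowed(link, project, allow_safe_external=(), allow_external=()):
    """Policy as sketched in the message above: PyPI-hosted files are always
    trusted; a verifiable external file needs --allow-safe-external <project>;
    anything else external needs --allow-external <project>, which is proposed
    as a synonym for --allow-unverifiable and also covers the verifiable case."""
    if link.hosted_on_pypi:
        return True
    if project in allow_external:
        return True
    return link.verifiable and project in allow_safe_external


def verify(link, data):
    """Compare downloaded bytes against the hash recorded on the index page.
    Links without a recorded hash fail closed: there is nothing to check."""
    if not link.hash_name:
        return False
    return hashlib.new(link.hash_name, data).hexdigest() == link.hash_value


# Constructed sample data: two fake sdists and a /simple/ page linking them.
PYPI_BYTES = b"constructed contents of examplepkg-1.0.tar.gz\n"
EXT_BYTES = b"constructed contents of examplepkg-1.1.tar.gz\n"
SAMPLE_INDEX = f"""<html><body>
<a href="https://pypi.python.org/packages/source/e/examplepkg/examplepkg-1.0.tar.gz#md5={hashlib.md5(PYPI_BYTES).hexdigest()}">examplepkg-1.0.tar.gz</a>
<a href="https://downloads.example.org/examplepkg-1.1.tar.gz#md5={hashlib.md5(EXT_BYTES).hexdigest()}">examplepkg-1.1.tar.gz</a>
<a href="https://downloads.example.org/examplepkg-1.2.tar.gz">examplepkg-1.2.tar.gz</a>
<a href="https://example.org/examplepkg/" rel="homepage">examplepkg home page</a>
</body></html>"""


if __name__ == "__main__":
    for link in parse_index(SAMPLE_INDEX):
        print(f"{link.url}\n  pypi={link.hosted_on_pypi} verifiable={link.verifiable} "
              f"default-allowed={allowed(link, 'examplepkg')}")
```

Run stand-alone, the script prints the four constructed links with their classification and whether the default policy (no flags) would install them: only the pypi.python.org link passes. The point of keeping `verify` separate from `allowed` is the one Paul makes about risk: an "unverifiable" link is not merely unsupported, it carries no hash the installer could check, so `verify` can only ever return False for it.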