[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Laurence Rowe l at lrowe.co.uk
Thu Jun 17 18:19:03 CEST 2010




M.-A. Lemburg wrote:
> 
> If such external links are a problem for zc.buildout, why don't
> you add an option to zc.buildout that prevents using such
> packages ?
> 
> This is well possible by checking the /simple index entry
> for links to package download files:
> 
> http://pypi.python.org/simple/python-openid/
> 
> vs.
> 
> http://pypi.python.org/simple/zc.buildout/
> 
> BTW: what are all those bug links doing on the zc.buildout index page ?
> They look a lot like a good possibility for injecting trojans.
> 

That's an artefact of setuptools looking for downloadable packages from the
download_url or any url linked from the description. If all packages were
uploaded to pypi, the simple index would be much simpler.

Laurence

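The check suggested in the quoted message, sketched as an added example that is not part of the original thread and is not zc.buildout or setuptools code: it splits the links on a /simple page into files hosted on the index and links pointing elsewhere. The sample pages are constructed, and the markup layout, the `/packages/` path prefix and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

INDEX_HOST = "pypi.python.org"   # index host named in the message
FILE_PREFIX = "/packages/"       # assumed path prefix for index-hosted files

# Constructed sample pages (not real PyPI output); the markup is an assumption.
HOSTED_PAGE = """<a href="../../packages/source/e/example-hosted/example-hosted-1.0.tar.gz#md5=00000000000000000000000000000000">example-hosted-1.0.tar.gz</a>
<a href="http://example.org/" rel="homepage">1.0 home_page</a>
<a href="http://bugs.example.org/issue/42">http://bugs.example.org/issue/42</a>"""

EXTERNAL_ONLY_PAGE = """<a href="http://example.org/" rel="homepage">2.0 home_page</a>
<a href="http://downloads.example.org/example-external-2.0.tar.gz" rel="download">2.0 download_url</a>"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag on an index page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def split_links(page_url, html):
    """Return (hosted, external): absolute URLs on the index vs. anywhere else."""
    collector = LinkCollector()
    collector.feed(html)
    hosted, external = [], []
    for href in collector.hrefs:
        url = urlparse(urljoin(page_url, href))
        # Exact host match: a lookalike such as pypi.python.org.example.net fails.
        on_index = url.hostname == INDEX_HOST and url.path.startswith(FILE_PREFIX)
        (hosted if on_index else external).append(url.geturl())
    return hosted, external


def installable_from_index_only(page_url, html):
    """True when at least one file is hosted on the index itself."""
    hosted, _ = split_links(page_url, html)
    return bool(hosted)
```

An installer applying this policy would fetch only the `hosted` URLs and report the `external` ones instead of following them.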

