[Catalog-sig] Flag to tell pip to only install uploaded files

Donald Stufft donald.stufft at gmail.com
Sat Jun 23 03:50:09 CEST 2012


pip install -i https://restricted.crate.io/

(Restricted is an endpoint of Crate that _only_ lists uploaded files)

Not exactly what you were looking for, but it's *a* solution. 


On Friday, June 22, 2012 at 8:21 PM, Aaron Meurer wrote:

> Hi.
> 
> I'm following up on a discussion on the pip mailing list
> (https://groups.google.com/forum/#!topic/python-virtualenv/PZNj9pC6aKA/discussion),
> where I was directed here.
> 
> Would it be possible to add some kind of a flag to PyPI that would let
> package maintainers tell pip to install only the uploaded file (or
> possibly also the file given by a direct link), and no others?
> 
> Currently, pip aggressively tries to find the latest version of a
> package by crawling all links on the PyPI page, even those from older
> versions. This is a headache to me as a package maintainer because it
> means that pip is quite often installing the wrong thing. Recently,
> pip was trying to install our html docs because we had a file uploaded
> at Google Code named "sympy-0.7.1-html-docs", which it deemed to be a
> newer version than "sympy-0.7.1". There's also the issue that every
> time we put out a release candidate for a new version, pip starts
> installing that, when I would prefer it to only install stable final
> releases. It's also, as I noted on the other discussion list, a bit
> of a security risk.
> 
> According to the pip guys (namely, Carl Meyer), this is not so easy to
> change from their end because of backwards compatibility issues. I
> suggested that such a flag be added to PyPI, and they told me that if
> it were, they would accept a patch supporting it in pip. This would
> make it much less of a headache for me as a package maintainer,
> because I could know that pip will always install exactly what I want.
> It could be off by default to enable backwards compatibility.
> 
> Aaron Meurer
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org (mailto:Catalog-SIG at python.org)
> http://mail.python.org/mailman/listinfo/catalog-sig
> 
> 
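Added example, not part of the original thread and not pip's or PyPI's code: a small audit of the distinction discussed above, splitting the archive links on a project's index page into files hosted on the index itself and off-index links that a link-crawling installer could also treat as candidates. The index URL, hosts, file names and page markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample of a project index page: one uploaded file plus
# external links of the kind a link-crawling installer would follow.
INDEX_URL = "https://index.example/simple/sympy/"
PAGE = """
<a href="../../packages/source/s/sympy/sympy-0.7.1.tar.gz#md5=PLACEHOLDER">sympy-0.7.1.tar.gz</a>
<a href="http://code.example/files/sympy-0.7.1-html-docs.zip">docs</a>
<a href="http://code.example/files/sympy-0.7.2.rc1.tar.gz">release candidate</a>
<a href="http://code.example/p/sympy/" rel="homepage">home page</a>
"""

ARCHIVE_EXTS = (".tar.gz", ".tgz", ".tar.bz2", ".zip")


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag on the page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def classify(index_url, page):
    """Return (hosted, external) lists of absolute archive URLs."""
    parser = LinkCollector()
    parser.feed(page)
    index = urlparse(index_url)
    hosted, external = [], []
    for href in parser.hrefs:
        full = urljoin(index_url, href)  # resolve relative links
        url = urlparse(full)
        if not url.path.endswith(ARCHIVE_EXTS):
            continue  # not a downloadable archive (e.g. the home page link)
        same_origin = (url.scheme, url.netloc) == (index.scheme, index.netloc)
        (hosted if same_origin else external).append(full)
    return hosted, external


if __name__ == "__main__":
    hosted, external = classify(INDEX_URL, PAGE)
    print("hosted on index:", hosted)
    print("off-index candidates:", external)
```
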

