[Catalog-sig] Deprecate External Links
Monty Taylor
mordred at inaugust.com
Wed Feb 27 20:49:53 CET 2013
On 02/27/2013 02:47 PM, Aaron Meurer wrote:
> On Wed, Feb 27, 2013 at 11:37 AM, holger krekel <holger at merlinux.eu> wrote:
>> On Wed, Feb 27, 2013 at 19:34 +0100, Lennart Regebro wrote:
>>> On Wed, Feb 27, 2013 at 5:34 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>>>> I'm not saying that it's not a good idea to host packages on PyPI,
>>>> but forcing the community into doing this is not a good idea.
>>>
>>> I still don't understand why not. The only reasons I've seen are
>>> "Because they don't want to" or "because they don't trust PyPI". And
>>> in the latter case I'm assuming they wouldn't use PyPI at all.
>>>
>>> And of course, nobody is forcing anyone, just like nobody is forcing
>>> you to use PyPI. :-)
>>
>> I understood there is the idea to disable external links within a couple
>> of months. That does break backward compatibility in a considerable way.
>>
>> holger
>
> But wouldn't this only be a change in pip/easy_install, not PyPI
> itself? I suppose you could explicitly break the external links by
> having them point to nothing if you are worried about the security or
> if it's some performance issue (that would indeed be a bad
> compatibility break, in case people are using those for other
> purposes). Otherwise, if it's a problem, then just use the old
> version of pip.
If we don't remove the feature from pypi itself, then it won't help the
folks for whom its a problem, because there will be no incentive for the
folks hosting their software that way to actually upload their stuff to
PyPI - which means that client-side disabling of external_links is
fairly likely to never be usable.
More information about the Catalog-SIG
mailing list