[Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

Paul Moore p.f.moore at gmail.com
Sun May 11 09:58:15 CEST 2014


On 11 May 2014 08:38, Nick Coghlan <ncoghlan at gmail.com> wrote:
> This confusion can likely be resolved by giving the obvious "allow external"
> name to the behaviour most users will want, and a more obscure name like
> "allow verifiable external" to the specialised behaviour folks like Stefan &
> MAL rely on.

I'm struggling to reconcile Donald's assertion (based, I believe, on
his data from PyPI) that there are only 25 or so packages on PyPI that
are external but safe, and he's not familiar with any of them, against
the comment that Stefan and MAL are affected by this change.

https://pypi.python.org/simple/cdecimal/ has no links - maybe because
Stefan withdrew them at the start of this debate.
https://pypi.python.org/simple/egenix-mx-base/ has verifiable external
links. I'm pretty surprised that Donald hasn't heard of mx-base.

Donald, maybe you could post the names of those 25 or so packages?

Download counts as a gross measure of popularity would be useful here,
but AIUI the current counts are unreliable. Is there any work going on
to get better download counts? That would really help in exercises
like this.

Paul

