[Distutils] PyPI and Uploading Documentation
Donald Stufft
donald at stufft.io
Sun May 17 03:33:49 CEST 2015
> On May 16, 2015, at 9:31 PM, Ben Finney <ben+python at benfinney.id.au> wrote:
>
> Donald Stufft <donald at stufft.io> writes:
>
>> Ok, so unless someone comes out against this in the near future here are my
>> plans:
>>
>> 1. Implement the ability to delete documentation.
>
> +1.
>
>> 2. Implement the ability to add a (simple) redirect where we would
>> essentially just send /<project>/(.*) to $REDIRECT_BASE/$1.
>>
>> 3. Implement the ability to point the documentation URL to something
>> that isn't pythonhosted.org
>
> Both of these turn PyPI into a vector for arbitrary content, including
> (for example) illegal, misleading, or malicious content.
>
> Automatic redirects actively expose the visitor to any malicious or
> mistaken links set by the project owner.
>
> If you want to allow the documentation to be at some arbitrary location
> of the project owner's choice, then an explicit static link, which the
> visitor must click on (similar to the project home page link) is best.
>
To be clear, the documentation isn’t hosted on PyPI, it’s hosted on
pythonhosted.org and we already allow people to upload arbitrary content to
that domain, which can include JS based redirects.
---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
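
The redirect rule from item 2 above (`/<project>/(.*)` to `$REDIRECT_BASE/$1`), as an added example that is not part of this message or of PyPI's code; the function names, the scheme allowlist and `docs.example.org` are assumptions. It checks the owner-supplied base once when it is saved and percent-encodes the captured path before it is placed in a `Location` header.

```python
import re
from urllib.parse import quote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: web schemes only
DOC_PATH = re.compile(r"/(?P<project>[^/]+)/(?P<rest>.*)", re.DOTALL)


def validate_redirect_base(base):
    """Validate an owner-supplied REDIRECT_BASE at save time; return it normalized."""
    # Control characters or whitespace could split the Location header later.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in base):
        raise ValueError("control or whitespace character in redirect base")
    parts = urlsplit(base)
    # Rejects javascript:, data:, and scheme-relative //host forms.
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    # user:pw@host hides the real destination from a reader of the URL.
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("redirect base needs a plain host without userinfo")
    if parts.query or parts.fragment:
        raise ValueError("query or fragment not allowed in redirect base")
    return base.rstrip("/")


def redirect_target(request_path, bases):
    """Map /<project>/(.*) to $REDIRECT_BASE/$1; None when no redirect is set.

    request_path is assumed to be already percent-decoded by the web server;
    bases maps project name to a base that passed validate_redirect_base().
    """
    m = DOC_PATH.fullmatch(request_path)
    if m is None or m.group("project") not in bases:
        return None
    # Re-encode the captured part so CR/LF, spaces and ':' cannot reach the
    # header or be reinterpreted as URL syntax by the client.
    rest = quote(m.group("rest"), safe="/-._~")
    return bases[m.group("project")] + "/" + rest


if __name__ == "__main__":
    # Constructed sample data, not real project settings.
    bases = {"demo": validate_redirect_base("https://docs.example.org/demo/")}
    print(redirect_target("/demo/en/latest/index.html", bases))
```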