Move PackageFinder's --trusted-host logic to PipSession by cjerdonek · Pull Request #6903 · pypa/pip (original) (raw)

This PR moves PackageFinder's --trusted-host logic to PipSession.

Before this PR, the --trusted-host state and logic was spread across two classes: PipSession (via its self.mount() calls) and PackageFinder (from its trusted_hosts attribute). This meant that both classes had to know about the trusted hosts and be kept in sync with each other when updating the trusted hosts.

Moving PackageFinder's --trusted-host logic to PipSession lets all of this logic be kept in one place. It also makes PackageFinder simpler, because (1) PackageFinder no longer has to know about or have methods to manage the trusted hosts (aside from a single property that delegates to the underlying PipSession), and (2) we no longer need to pass the trusted_hosts value to PackageFinder as an argument when constructing the PackageFinder instance (we only need to pass the PipSession argument). So the argument list becomes smaller on the PackageFinder side.

Putting it wholly in download.py also makes sense from a subject matter perspective.