[Python-Dev] Yearly PyPI breakage

tritium-list at sdamon.com tritium-list at sdamon.com
Wed May 4 02:39:51 EDT 2016


Are you for real? I honestly do not understand your hostility.

You posted a mean-spirited complaint about a policy that is nearly exactly two years old, to the wrong list, and call out the people calmly trying to explain what happened and why, and how you can mitigate it for your own work and organization. What do you intend to accomplish?

I understand that you are upset that a feature you used was removed; posting with hostility to a list of people who do not even have control over the repository is not a legitimate way to solve your problems.

-----Original Message-----
From: Python-Dev [mailto:python-dev-bounces+tritium-list=sdamon.com at python.org] On Behalf Of Stefan Krah
Sent: Wednesday, May 04, 2016 00:15
To: python-dev at python.org
Subject: Re: [Python-Dev] Yearly PyPI breakage

>> > [cut overlong post]
> Glyph,
> nice sneaky way to try to divert from the original issue. Your whole post is invalidated by the simple fact that the URL was protected by a hash (which I repeatedly asked to be upgraded to sha256).
> This was the official scheme promoted by PEP-438, which you should know. But of course your actual intention here is character assassination, pretending to "rescue" cdecimal and trying to divert from the fact that the transition to PEP 470 was handled suboptimally.
>> The very reason for this thread is that the security was silently disabled WITHOUT me getting a notification. What is on PyPI now is not what I configured!
>> Please believe me when I say I do not mean the following to be insulting

people who have done actual cryptography to varying degrees often tend to focus on the important parts and aren't impressed by regurgitating catch phrases like SSL and man-in-the-middle:

http://cr.yp.to/ecdh.html

The amount of security "experts" in the Python community that pontificate on any occasion is pretty annoying. What do you think djb thinks of Twisted?

> If anyone wants package-index access to this name to upload Windows or manylinux wheels just let me know; however, as this is just a proof of concept, I do not intend to maintain it long-term.

That is apparently all you can do: Move bits from place A to place B and not care how long it took to produce them. You are a real hero.

Stefan Krah

