Add additional reasons and explicitly reject the "next steps" of PEP 438
parent
443b0b8f48
commit
c70767600e
15
pep-0470.txt
|
@ -389,6 +389,9 @@ This includes:
|
|||
hosted.
|
||||
* Default to disallowing safely externally hosted files with only a global
|
||||
flag to enable them, but disallow unsafely hosted.
|
||||
* Continue on the suggested path of PEP 438 and remove the option to unsafely
|
||||
host externally but continue to allow the option to safely host externally.
|
||||
|
||||
|
||||
These proposals are rejected because:
|
||||
|
||||
|
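Review bot: The new bullet "Continue on the suggested path of PEP 438 ..." uses "unsafely host externally" and "safely host externally", while the bullet just above it says "safely externally hosted files" and "unsafely hosted"; pick one phrasing for the safe/unsafe distinction and use it in both bullets so readers do not take them for different categories. The bullet also relies on the reader knowing what the "suggested path" of PEP 438 is; a short parenthetical saying which step is meant would let the rejection that follows stand on its own.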
@ -454,6 +457,18 @@ These proposals are rejected because:
|
|||
or attempt to deploy to a server where their install will fail again until
|
||||
they add the "make it work" flag in their configuration file.
|
||||
|
||||
* The URL classification only works for a certain subset of projects, however
|
||||
it does not allow for any project which needs additional restrictions such
|
||||
as Access Controls. This means that there would be two methods of doing the
|
||||
same thing, linking to a file safely and hosting an index. Hosting an index
|
||||
works in all situations and by relying on this we make for a more consistent
|
||||
experience no matter the reason for external hosting.
|
||||
|
||||
* The safe external hosting option hampers the ability of PyPI to upgrade it's
|
||||
security infrastructure. For instance if MD5 becomes broken in the future
|
||||
there will be no way for PyPI to upgrade the hashes of the projects which
|
||||
rely on safe external hosting via MD5 while files that are hosted on PyPI
|
||||
can simply be processed over with a new hash function.
|
||||
|
||||
Copyright
|
||||
=========
|
||||
|
|
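Review bot: The MD5 bullet asserts that "there will be no way for PyPI to upgrade the hashes" of externally hosted files but does not say why, which is the core of the argument; state the reason explicitly, for example that PyPI does not hold those files and its only check on a fetched copy is the MD5 it would be replacing, whereas files it hosts can be rehashed from its own copy. In the same bullet, "upgrade it's security infrastructure" should read "its", and "processed over with a new hash function" would be clearer as "rehashed with a new hash function". In the URL classification bullet, "however it does not allow for any project which needs additional restrictions such as Access Controls" is a run-on joined by "however"; split it into two sentences and lowercase "access controls".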