<div dir="ltr">As a heads up I filed bugs with each of these projects (with the exception of netifaces, which doesn't appear to have a tracker). The dnspython maintainer has already uploaded the package to PyPi and disabled scraping!<div>
<br></div><div>Alex</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 19, 2013 at 8:04 PM, Monty Taylor <span dir="ltr"><<a href="mailto:mordred@inaugust.com" target="_blank">mordred@inaugust.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hey guys!<br>
<br>
PyPI is moving towards the world of getting people to stop hosting stuff<br>
via external links. It's been bad for us in the past and one of the<br>
reasons for the existence of our mirror. pip 1.4 has an option to<br>
disallow following external links, and in 1.5 it's going to be the<br>
default behavior.<br>
<br>
Looking forward, we have 5 pip packages that host their stuff<br>
externally. If we have any pull with their authors, we should get them<br>
to actually upload stuff to pypi. If we don't, we should strongly<br>
consider our use of these packages. As soon as pip 1.4 comes out, I<br>
would like to moving forward restrict the addition of NEW requirements<br>
that do not host on pypi. (all 5 of these host insecurely as well, fwiw)<br>
<br>
The culprits are:<br>
<br>
dnspython,lockfile,netifaces,psutil,pysendfile<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)<br>
"The people's good is the highest law." -- Cicero<br><div>GPG Key fingerprint: 125F 5C67 DFE9 4084</div></div>
</div>