Merge peep functionality into pip #7
Comments
|
"Any of these 5 hashes" is definitely something we need to support, because of different platforms/archs. |
|
Also, pip doesn't verify the signatures on wheels. Only |
|
I am not a big fan of reqs.txt format. It would be nice to have some progress here and make a better format (in Python finally!). It would also be nice to use some default name, say Pipfile, so that "peep install" would use it as input. These changes are too much for pip though. |
|
On the other hand, a Python file should have .py extension, so maybe something like requirements.py, packages.py, peeps.py :) would make more sense... |
|
See pypa/pip#1175 (comment) for some design work toward the merge. |
|
We're going to sprint on this at PyCon next week. |
|
This was completed in pypa/pip#3137 and the feature now exists in pip 8: Peep is now deprecated for modern versions of pip - migration help can be found in the README: |
Make pip check against some kind of local hashes.
Put the hashes somewhere proper, not in comments. Either mess with the reqs.txt syntax (and then we'd need a fallback parser in pip—eww) or find some little hole in the grammar to abuse. For example Daniel Holth at one point had the idea of abusing the extras syntax, like requests[ed25519=….]==1.2.0. http://peak.telecommunity.com/DevCenter/setuptools#declaring-extras-optional-features-with-their-own-dependencies
The text was updated successfully, but these errors were encountered: