Create a stable & secure hosted link to the latest Setuptools/pip bootstrap script. #34
Comments
Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco): I've updated the documentation and release script to now use our best available method for hosting (bitbucket downloads). I say best available because that's the technique with which I'm familiar and have been following. I do want to (a) fully mechanize that technique, and (b) update it to use PyPI instead of bitbucket. Since the release script uses pure Python and now requires 'requests', it should be fairly easy to implement something that uses the PyPI credentials to upload the file.
Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco): I had another idea for hosting the script. Using Mercurial bookmarks, we can create a lightweight reference to the latest stable version. Consider this link: https://bitbucket.org/pypa/setuptools/raw/stable/ez_setup.py The ‘stable’ in the URL refers to a bookmark, which will be maintained (and mechanically updated as part of the release process) to refer to the latest stable release. Alternatively ‘bootstrap’ could be used specifically to refer to the changeset containing the preferred bootstrap script. There are several advantages to this approach:
Original comment by Ivoz (Bitbucket: Ivoz, GitHub: Ivoz): @r1chardj0n3s do you like the above idea?
Original comment by prologic (Bitbucket: prologic, GitHub: prologic): The most useful and secure way I've found to bootstrap setuptools is to use the following url: Bump the version as new releases of setuptools are released. I keep the version in a config file as part of my configuration management scripts.
Original comment by Ivoz (Bitbucket: Ivoz, GitHub: Ivoz): @prologic there is a good use case for needing a permanent (i.e. without a version number in it) URL for documentation, tutorials, other scripts, that don't want to be manually updated whenever a new version of setuptools comes out, but do want to refer to the latest version. That's the primary reason I created the issue. @jaraco thanks for creating that bookmarked url, looks like a nifty way to do it. I'll start using that for now.
Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco): The most current, officially-sanctioned bootstrap can now be persistently found at https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
Originally reported by: Ivoz (Bitbucket: Ivoz, GitHub: Ivoz)
Hi, as far as I know it is desirable to provide a secure way to bootstrap into a "modern" Python package installation environment.
@ncoghlan has advised me that currently it is planned to be hosted on pypi.python.org, available under their https connection.
Obvious use-case for this link would be to be allowed in documentation and setup scripts that wouldn't need to change with changes in Setuptools'/pip's version.
@r1chardj0n3s is currently writing a new pip-bootstrap for 3.4 (hopefully backportable)
AFAIK this would install latest versions of setuptools and pip, as they are rather symbiotic.
I just wished to create an issue to track progress of this and so I can update docs when it appears.
As of writing it can be found @ https://bitbucket.org/pypa/setuptools/raw/0.8/ez_setup.py
Analogously, scripts for distribute are hosted under http://python-distribute.org/ although that is not under HTTPS currently. pip's can be found currently at https://raw.github.com/pypa/pip/master/contrib/get-pip.py
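Added example, not part of the original issue or of the setuptools project's code: a pre-execution check for a downloaded bootstrap script that classifies the URLs quoted in this thread by transport (HTTPS or not) and by ref (moving bookmark/branch versus versioned), then compares the bytes against a locally pinned SHA-256. The digest pin, the function names and the sample bytes are assumptions of this example; the thread itself only discusses HTTPS hosting and version pinning.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Refs named in the thread that are updated over time (hg bookmarks, git branch).
MOVING_REFS = {"stable", "bootstrap", "master"}

def classify_bootstrap_url(url):
    """Return (is_https, ref, is_versioned) for a raw-file bootstrap URL."""
    parts = urlsplit(url)
    # Bitbucket: /<owner>/<repo>/raw/<ref>/<file>
    # raw.github.com: /<owner>/<repo>/<ref>/<path>
    m = re.match(r"^/[^/]+/[^/]+/(?:raw/)?([^/]+)/.+", parts.path)
    ref = m.group(1) if m else None
    # A version ref such as "0.8" is only a name; the digest below is the real pin.
    return parts.scheme == "https", ref, ref is not None and ref not in MOVING_REFS

def check_bootstrap(url, content, pinned_sha256=None):
    """Return (allowed, reason) for bootstrap bytes fetched from url."""
    is_https, ref, is_versioned = classify_bootstrap_url(url)
    if not is_https:
        return False, "refused: not fetched over HTTPS"
    if pinned_sha256 is None:
        return False, "refused: no digest pinned for ref %r" % ref
    digest = hashlib.sha256(content).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        why = ("content differs from the pinned release" if is_versioned
               else "moving ref was updated or content was altered")
        return False, "refused: digest mismatch (%s)" % why
    return True, "ok: ref %r matches pin" % ref

# Constructed sample bytes standing in for a downloaded ez_setup.py.
SAMPLE = b"# constructed stand-in for ez_setup.py\n"
SAMPLE_PIN = hashlib.sha256(SAMPLE).hexdigest()

if __name__ == "__main__":
    for u in ("https://bitbucket.org/pypa/setuptools/raw/stable/ez_setup.py",
              "https://bitbucket.org/pypa/setuptools/raw/0.8/ez_setup.py",
              "https://raw.github.com/pypa/pip/master/contrib/get-pip.py",
              "http://python-distribute.org/"):
        print(u, classify_bootstrap_url(u), check_bootstrap(u, SAMPLE, SAMPLE_PIN))
```

With a moving ref such as `stable` or `bootstrap`, a digest mismatch is the expected signal after every release, so the pin has to be refreshed from a trusted source at the same time the version in the configuration is bumped.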