[ckan-changes] [ckan/ckan] a5402f: pip >= 1.5 needs --allow-all-external

• Previous message: [ckan-changes] [ckan/ckan] 56e57f: [#1510] Correct License Not Specified capitalizati...
• Next message: [ckan-changes] [ckan/ckan] fe00e6: [#1465] exclude more unlikely cominations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  Branch: refs/heads/1465-travis-half-jobs
  Home:   https://github.com/ckan/ckan
  Commit: a5402f880678e51e266be40d7ea7f7f80ec492c6
      https://github.com/ckan/ckan/commit/a5402f880678e51e266be40d7ea7f7f80ec492c6
  Author: Vitor Baptista <vitor at vitorbaptista.com>
  Date:   2014-02-13 (Thu, 13 Feb 2014)

  Changed paths:
    M bin/travis-install-dependencies

  Log Message:
  -----------
  pip >= 1.5 needs --allow-all-external

Starting from version 1.5, pip stopped downloading packages hosted in an
external site, even if there's a checksum in PyPI that we can check the
resulting package against. This breaks when downloading argparse==1.2.1 with
Python 2.6.

Here we allow all external downloads. It shouldn't be a security issue, as
we're still checking the package's hash against PyPI.

For more info, check
http://stackoverflow.com/questions/21021326/security-considerations-of-pip-allow-external

• Previous message: [ckan-changes] [ckan/ckan] 56e57f: [#1510] Correct License Not Specified capitalizati...
• Next message: [ckan-changes] [ckan/ckan] fe00e6: [#1465] exclude more unlikely cominations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]