[ckan-changes] [ckan/ckan] a5402f: pip >= 1.5 needs --allow-all-external
GitHub
noreply at github.com
Thu Feb 13 12:47:46 UTC 2014
Branch: refs/heads/1465-travis-half-jobs
Home: https://github.com/ckan/ckan
Commit: a5402f880678e51e266be40d7ea7f7f80ec492c6
https://github.com/ckan/ckan/commit/a5402f880678e51e266be40d7ea7f7f80ec492c6
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-02-13 (Thu, 13 Feb 2014)
Changed paths:
M bin/travis-install-dependencies
Log Message:
-----------
pip >= 1.5 needs --allow-all-external
Starting from version 1.5, pip stopped downloading packages hosted in an
external site, even if there's a checksum in PyPI that we can check the
resulting package against. This breaks when downloading argparse==1.2.1 with
Python 2.6.
Here we allow all external downloads. It shouldn't be a security issue, as
we're still checking the package's hash against PyPI.
For more info, check
http://stackoverflow.com/questions/21021326/security-considerations-of-pip-allow-external
More information about the ckan-changes
mailing list