commit a89a084889f1715fa1a54ac410142f038bcb66bf Author: Isis Lovecruft isis@torproject.org Date: Wed May 15 22:37:02 2013 +0000
Add info and references on why the strange links are in requirements.txt. --- requirements.txt | 24 +++++++++++++++++++++--- 1 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/requirements.txt b/requirements.txt index 813d840..471433f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,20 @@ -i https://pypi.python.org/packages +## +## The above line replaces pip's default package index, and this line is +## removed from the .requirements.travis file, due to its incompatibility +## with the '--use-mirrors' option that TravisCI recommends. +## +## The URLs in this file which have been commented out are due to a design +## problem in pip-1.3.0, where it ships with a default package index of +## 'https://pypi.python.org/simple', which though *it* was over SSL as +## promised, it still crawled the links on a module's PyPI page, which contains +## arbitrary links, such as project homepages, created by the PyPI maintainer +## of the module. see +## +## https://github.com/TheTorProject/ooni-backend/pull/1#discussion_r4084881 for +## a detailed description of the problem, and why these links may still be +## useful until pip is updated again. +## PyYAML>=3.10 #https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.10.tar.gz#md5=74c9... Twisted>=12.2.0 @@ -9,9 +25,11 @@ ipaddr>=2.1.10 #https://ipaddr-py.googlecode.com/files/ipaddr-2.1.10.tar.gz#sha1=c608450b077... pygeoip>=0.2.6 #https://pypi.python.org/packages/source/p/pygeoip/pygeoip-0.2.6.zip#md5=b3ac... -# Originally fetched from the hg repo on secdev.org: -# https://hg.secdev.org/scapy/archive/tip.zip#egg=scapy -# This is a Tor Project mirror with valid SSL/TLS certs that is stable and fast: +## +## Originally fetched from the hg repo on secdev.org: +## https://hg.secdev.org/scapy/archive/tip.zip#egg=scapy +## This is a Tor Project mirror with valid SSL/TLS certs that is stable and fast: +## https://people.torproject.org/~ioerror/src/mirrors/ooniprobe/scapy-02-25-201... transaction>=1.4.1 #https://pypi.python.org/packages/source/t/transaction/transaction-1.4.1.zip#...