[tor-commits] [oonib/master] Add info and references on why the strange links are in requirements.txt.

isis at torproject.org isis at torproject.org
Wed May 15 22:43:44 UTC 2013


commit a89a084889f1715fa1a54ac410142f038bcb66bf
Author: Isis Lovecruft <isis at torproject.org>
Date:   Wed May 15 22:37:02 2013 +0000

    Add info and references on why the strange links are in requirements.txt.
---
 requirements.txt |   24 +++++++++++++++++++++---
 1 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 813d840..471433f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,20 @@
 -i https://pypi.python.org/packages
+##
+## The above line replaces pip's default package index, and this line is
+## removed from the .requirements.travis file, due to its incompatibility
+## with the '--use-mirrors' option that TravisCI recommends. 
+##
+## The URLs in this file which have been commented out are due to a design
+## problem in pip-1.3.0, where it ships with a default package index of
+## 'https://pypi.python.org/simple', which though *it* was over SSL as
+## promised, it still crawled the links on a module's PyPI page, which contains
+## arbitrary links, such as project homepages, created by the PyPI maintainer
+## of the module.  see
+##
+## https://github.com/TheTorProject/ooni-backend/pull/1#discussion_r4084881 for
+## a detailed description of the problem, and why these links may still be
+## useful until pip is updated again.
+##
 PyYAML>=3.10
 #https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.10.tar.gz#md5=74c94a383886519e9e7b3dd1ee540247#egg=PyYAML
 Twisted>=12.2.0
@@ -9,9 +25,11 @@ ipaddr>=2.1.10
 #https://ipaddr-py.googlecode.com/files/ipaddr-2.1.10.tar.gz#sha1=c608450b077b19773d4f1b5f1ef88b26f6650ce0#egg=ipaddr
 pygeoip>=0.2.6
 #https://pypi.python.org/packages/source/p/pygeoip/pygeoip-0.2.6.zip#md5=b3ac1bfcd535782bc59af78e722cf5c1#egg=pygeoip
-# Originally fetched from the hg repo on secdev.org:
-#   https://hg.secdev.org/scapy/archive/tip.zip#egg=scapy
-# This is a Tor Project mirror with valid SSL/TLS certs that is stable and fast:
+##
+## Originally fetched from the hg repo on secdev.org:
+##   https://hg.secdev.org/scapy/archive/tip.zip#egg=scapy
+## This is a Tor Project mirror with valid SSL/TLS certs that is stable and fast:
+##
 https://people.torproject.org/~ioerror/src/mirrors/ooniprobe/scapy-02-25-2013-tip.zip#egg=scapy
 transaction>=1.4.1
 #https://pypi.python.org/packages/source/t/transaction/transaction-1.4.1.zip#md5=8db2680bc0f999219861a67b8f335a88#egg=transaction





More information about the tor-commits mailing list