I think you should use HTTPS, hot HTTP, which works much better in my
build environments. It does cause a complaint on out-of-date systems
with out-of-date SSL certificate authorities, but we're talking about
old systems like RHEL 5 with no security patches applied.
On Sat, Apr 23, 2016 at 11:06 AM, Sander Hoentjen <sander(a)hoentjen.eu> wrote:
> Hi,
>
> It seems that pypi changed the location of downloads [1]
> This is a bit inconvenient for us, since as far as I know we used to
> rely on the old url format in Fedora packages.
> For example, for python-raven I use:
> Source0:
>
http://pypi.python.org/packages/source/r/raven/raven-%{version}.tar.gz
>
> An option would be to use
pypi.debian.net, then the line would become:
> Source0:
http://pypi.debian.net/raven/raven-%{version}.tar.gz
>
> Not sure if we would want to depend on pypi.debian,net, so we could
> create
pypi.fedoraproject.org for this. Alternatively we could wait and
> see if the pypi project itself creates a service like this, as mentioned
> in the linked issue.
>
> What are your thoughts?
>
> [1]
>
https://bitbucket.org/pypa/pypi/issues/438/backwards-compatible-un-hashed...
>
> Regards,
> Sander
> --
> packaging mailing list
> packaging(a)lists.fedoraproject.org
>
http://lists.fedoraproject.org/admin/lists/packaging@lists.fedoraproject.org