PMXBOT Log file Viewer

#pypa-dev logs for Wednesday the 12th of February, 2020

[10:32:05] <graingert> thoughts on renaming "--trusted-host"
[10:32:21] <graingert> eg to "-allow-deprecated-insecure-http-for-host"
[10:32:49] <graingert> I just reviewed a PR with "--trusted-host" added due to a misunderstanding as to what the flag did
[10:33:08] <graingert> the developer wanted that host to be "trusted" because it *did* support https TLS
[13:32:47] <graingert> pradyunsg: ^
[13:33:03] <graingert> * "--allow-deprecated-insecure-http-for-host"
[13:33:59] <pradyunsg> graingert: ack
[13:34:09] <graingert> nice shall I make a github issue?
[13:35:17] <pradyunsg> ei8fdb: here's another point to consider in the how-to-handle-index-urls CLI review that I just suggested in a GitHub comment a few minutes ago. 🙈
[13:35:34] <pradyunsg> graingert: yep, that'd be great!
[13:35:59] <graingert> feature or bug?
[13:37:47] <pradyunsg> graingert: feature, mostly because the template might be better suited for this request. :)
[13:38:49] <pradyunsg> aishwary: you can update your PR.
[13:42:17] <graingert> pradyunsg: https://github.com/pypa/pip/issues/7725
[13:42:42] <pradyunsg> graingert: thanks! :)
[13:43:31] <pradyunsg> graingert: I'll respond/label it when I'm on a laptop. :)
[13:56:43] <graingert> tyvm
[19:33:56] <graingert> pradyunsg: tbh I'm pro removing the flag and telling people to create their own local https reverse proxy with a straight face
[19:35:32] <pradyunsg> graingert: yea, hey, pip will only look at one index; if you wanna do anything fancy, use a devpi or something else, is a very reasonable approach for us to take.
[19:36:49] <graingert> Yeah getting rid of --extra-index-url and --find-links would be good
[19:36:53] <graingert> too
[19:38:41] <graingert> pradyunsg perhaps pip could support https://tools.ietf.org/html/rfc6761 and treat localhost as http as a secure context
[19:40:05] <graingert> https://www.w3.org/TR/secure-contexts/#localhost
[19:40:16] <graingert> Oh that feature died you have to use 127.0.0.1
[19:41:07] <graingert> That way you do --index-url http://127.0.0.1:8080/path/to/devpi/specific-repo
[19:42:07] <graingert> And pip will treat it as trusted still
[19:48:17] <techalchemy> pradyunsg, removing cli flags to configure indexes is probably not a great idea
[19:48:29] <techalchemy> or rather, removing *ways* of configuring indexes
[19:48:56] <techalchemy> i don't have strong opinions about the flags themselves
[19:58:23] <sangy> generally, adding a feature is easy, removing it is quite hard