PMXBOT Log file Viewer

Help | Karma | Search:

#pypa logs for Thursday the 30th of January, 2020

(Back to #pypa overview) (Back to channel listing) (Animate logs)
[16:18:31] <The_Tick> is there a switch I'm not finding to ignore ssl certificate verification issues?
[16:19:41] <The_Tick> sorry, with pip
[16:20:52] <ngoldbaum> haven't tried it but i think you can do "pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org"
[16:21:00] <ngoldbaum> note that this is a terrible idea
[16:21:31] <The_Tick> considering I'm doing the mitm I think it's fine :)
[16:21:46] <ngoldbaum> ah ok, fair :)
[16:22:01] <ngoldbaum> is this an enterprise deployment? you might want to use your own pypi mirror.
[16:22:12] <The_Tick> it's a vm on my workstation at an enterprise
[16:22:27] <The_Tick> and I only need like 2 packages
[16:22:30] <toad_polo> The_Tick: In previous HR type situations like this we had some way to pin the cert.
[16:22:38] <toad_polo> To the MITM cert.
[16:23:09] <toad_polo> I dunno, I thought it was a bad idea to do the MITM cert in the first place, so I tended to not care about safety when it's being so explicitly undermined by the people who have actual skin in the game anyway.
[16:23:19] <The_Tick> if it wasn't anything more than me installing trac in a vm because I like the roadmapping to keep track of my tasks, I'd do something different
[16:24:53] <tos9> I instead just use pip2pi at this point personally
[16:24:59] <tos9> And disable pip using an index at all
[16:25:11] <The_Tick> the switch ngoldbaum gave me seems to have worked
[16:25:46] <The_Tick> uh huh
[16:26:19] <ngoldbaum> (joking, if that's not obvious)
[16:26:29] <The_Tick> hehe
[22:32:19] <asheesh> Hi PyPA! I'm reading PEP-0517, and I saw this:
[22:32:20] <asheesh> > The source directory may be read-only. Backends should therefore be prepared to build without creating or modifying any files in the source directory, but they may opt not to handle this case, in which case failures will be visible to the user. Frontends are not responsible for any special handling of read-only source directories.
[22:32:46] <asheesh> Under what circumstances are source directories read-only? Just curious. Cheers!
[23:12:39] <techalchemy> asheesh, when the user installing the package doesn't have write access to the folder it resides in
[23:12:45] <techalchemy> but does have read access
[23:13:28] <techalchemy> imagine for instance a shared system or a shared drive with permissions configured on a package such that only some users can modify it but anyone can read its contents