[144262] trunk/dports/lang/py-htmldocs/Portfile

Russell Jones russell.jones at physics.ox.ac.uk
Wed Jan 6 02:44:12 PST 2016


I was thinking you might use 
git+https://github.com/python/cpython.git/Doc with a set checkout id 
using the GitHub PortGroup, but that would require building the docs.

How about using https://docs.python.org and relying on python.org's SSL 
cert to ensure the integrity rather than the MacPorts checksum?

Russell

On 05/01/16 20:10, Eric A. Borisch wrote:
> On Tue, Jan 5, 2016 at 1:03 PM, Clemens Lang <cal at macports.org> wrote:
>> Hi,
>>
>> On Tue, Jan 05, 2016 at 12:44:49PM -0600, Ryan Schmidt wrote:
>>> I'm not comfortable with installing unchecked files on user systems.
>>> The whole point of the checksum system is to verify that the files
>>> that are installed on user systems are the same files that were tested
>>> by the maintainer. By skipping the checksum phase you remove that
>>> safeguard.
>> I agree, please revert that. This is an invitation for attackers.
> I'd prefer to avoid it, obviously. Suggestions, then?
>
> This is a tarball of documentation coming directly from
> docs.python.org, which seem to be regenerated nightly (with new
> checksums). The other versions are available in a stable form
> (http://www.python.org/ftp/python/doc) but not the latest for 34
> (3.4.4) or 35 (3.5.1). If there is another, stable, download location,
> I'd be happy to point to it.
>
> Thanks,
>    - Eric
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/macports-dev



More information about the macports-dev mailing list