[144262] trunk/dports/lang/py-htmldocs/Portfile

Daniel J. Luke dluke at geeklair.net
Wed Jan 6 07:56:42 PST 2016


The general solution to this problem is to create a stable (snapshot) mirror somewhere else.

> On Jan 6, 2016, at 5:44 AM, Russell Jones <russell.jones at physics.ox.ac.uk> wrote:
> I was thinking you might use git+https://github.com/python/cpython.git/Doc with a set checkout id using the GitHub PortGroup, but that would require building the docs.
> 
> How about using https://docs.python.org and relying on python.org's SSL cert to ensure the integrity rather than the MacPorts checksum?
> 
> Russell
> 
> On 05/01/16 20:10, Eric A. Borisch wrote:
>> On Tue, Jan 5, 2016 at 1:03 PM, Clemens Lang <cal at macports.org> wrote:
>>> Hi,
>>> 
>>> On Tue, Jan 05, 2016 at 12:44:49PM -0600, Ryan Schmidt wrote:
>>>> I'm not comfortable with installing unchecked files on user systems.
>>>> The whole point of the checksum system is to verify that the files
>>>> that are installed on user systems are the same files that were tested
>>>> by the maintainer. By skipping the checksum phase you remove that
>>>> safeguard.
>>> I agree, please revert that. This is an invitation for attackers.
>> I'd prefer to avoid it, obviously. Suggestions, then?
>> 
>> This is a tarball of documentation coming directly from
>> docs.python.org, which seem to be regenerated nightly (with new
>> checksums). The other versions are available in a stable form
>> (http://www.python.org/ftp/python/doc) but not the latest for 34
>> (3.4.4) or 35 (3.5.1). If there is another, stable, download location,
>> I'd be happy to point to it.
>> 
>> Thanks,
>>   - Eric

-- 
Daniel J. Luke                                                                   
+========================================================+ 
| *---------------- dluke at geeklair.net ----------------* |                          
| *-------------- http://www.geeklair.net -------------* |                          
+========================================================+ 
|   Opinions expressed are mine and do not necessarily   |                          
|          reflect the opinions of my employer.          |                          
+========================================================+







More information about the macports-dev mailing list