I think you should use HTTPS, hot HTTP, which works much better in my build environments. It does cause a complaint on out-of-date systems with out-of-date SSL certificate authorities, but we're talking about old systems like RHEL 5 with no security patches applied. On Sat, Apr 23, 2016 at 11:06 AM, Sander Hoentjen <sander@xxxxxxxxxxx> wrote: > Hi, > > It seems that pypi changed the location of downloads [1] > This is a bit inconvenient for us, since as far as I know we used to > rely on the old url format in Fedora packages. > For example, for python-raven I use: > Source0: > http://pypi.python.org/packages/source/r/raven/raven-%{version}.tar.gz > > An option would be to use pypi.debian.net, then the line would become: > Source0: http://pypi.debian.net/raven/raven-%{version}.tar.gz > > Not sure if we would want to depend on pypi.debian,net, so we could > create pypi.fedoraproject.org for this. Alternatively we could wait and > see if the pypi project itself creates a service like this, as mentioned > in the linked issue. > > What are your thoughts? > > [1] > https://bitbucket.org/pypa/pypi/issues/438/backwards-compatible-un-hashed-package > > Regards, > Sander > -- > packaging mailing list > packaging@xxxxxxxxxxxxxxxxxxxxxxx > http://lists.fedoraproject.org/admin/lists/packaging@xxxxxxxxxxxxxxxxxxxxxxx -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/packaging@xxxxxxxxxxxxxxxxxxxxxxx
