On Sat, Apr 23, 2016 at 12:36 PM, Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> wrote:
> On Sat, Apr 23, 2016 at 12:20:56PM -0400, Nico Kadel-Garcia wrote:
>> I think you should use HTTPS, not HTTP, which works much better in my
>> build environments. It does cause a complaint on out-of-date systems
>> with out-of-date SSL certificate authorities, but we're talking about
>> old systems like RHEL 5 with no security patches applied.
>
> I think you misunderstood the issue raised here
>
> Pypi used to provide URLs of the form:
> http://pypi.python.org/packages/source/r/raven/raven-%{version}.tar.gz
> While now the URLs look like:
> https://pypi.python.org/packages/3e/c9/fa64acb27f2878963ae5965a74461cd0195ebab2ba6aea2803c1f7ade8e8/raven-5.13.0.tar.gz

Oh, dear lord. It's the exact opposite of numbered versions of bundled
packages. One may as well have multiple SRPMs with the exact same
name and different in the same dnf repository, and encode the checksum
into the URL so you can pick and choose them all from the same
repository.
--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/packaging@xxxxxxxxxxxxxxxxxxxxxxx