-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
get sha256 hash from /simple (PEP503) endpoint #120
Comments
Another option that would be standardized across HTTP hosts |
Pardon my ignorance, but what does this mean simplified? |
@peterbe see the page source of https://m.devpi.net/root/pypi/+simple/devpi-server/ each of the urls have a |
Yeah, or https://pypi.org/simple/hashin/ But that's not JSON. That would require parsing the HTML, no? |
the simple index api is an html subset, designed to be amenable to simple processing: |
Another thing that would help is if |
True. I think that'd need to be part of the patch that "scrapes" instead of JSON. |
It is worthwhile, because then we could add the necessary json support on the devpi side and you don't have to change anything else. Scraping wouldn't be required anymore. |
What's the problem this feature will solve?
when using devpi or other non- pypi.org servers the hashing falls back to downloading the asset and hashing it locally
Describe the solution you'd like
use the sha256 hash from the /simple endpoint pypi.org and devpi both provide sha256 hashes as a fragment in their href
It's optional and may not include the user' preferred hash function, so pip-compile should still fall-back on the JSON api/downloading assets:
for example artifactory's pypi implementation only puts md5 in the fragment of their simple href https://www.jfrog.com/jira/browse/RTFACT-18495
Alternative Solutions
devpi/devpi#801 (comment)
Additional context
/cc @fschulze
jazzband/pip-tools#1109
view-source on: https://m.devpi.net/root/pypi/+simple/devpi-server/
and view-source on: https://pypi.org/simple/devpi-server/
The text was updated successfully, but these errors were encountered: