PyPI mirror in enclosed environments #9860
stohrendorf
started this conversation in
Ideas
Replies: 1 comment 1 reply
-
Related issues: #1632 and #5958 Replacing PyPI with a mirror should be easier than defining arbitrary custom sources globally because we do not include the URL of PyPI in the lock file. Actually, there is already a plugin that allows to replace PyPI: https://github.com/arcesium/poetry-plugin-pypi-mirror/ |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Found some issues regarding "private" PyPI mirrors for pypi.org, especially regarding environments where the build environment is restricted such that it can't access anything outside of a corporate network and has to go through some sort of proxy/mirror with a different URL, and where people want to define that mirror globally instead of within pyproject.toml (sadly, can't provide any issues/discussions here right now since I'm in a different environment and discussions about this specific issue seem to be sparse). Most of these issues contained some discussion about authentification, but I doubt that a mirror should require any authentification at all. If you call it a mirror, it should be a mirror. Arguments were made that when you change URLs, it would lead to possibly non-reproducible lockfiles. That is acceptable. However, I think it is possible to globally redirect pypi.org/pythonhosted.org requests to a company mirror. Here's what I'm thinking about.
The assumptions:
This leads to the following:
Disclaimer:
Possible issues:
Beta Was this translation helpful? Give feedback.
All reactions