Authentication required to access Kallithea repository

[Mads Kiilerich]

On 21/07/2025 22:26, Branko Majic wrote:
>   
>> I hope your cron jobs don't contribute to the server load ;-)
> Well, they certainly do create _some_ load, but I really hope it is not
> making too much of an impact. I have two servers that hit the
> repository once per day to check for possible updates, and a third
> (test env) that does it every now and then when I bring it up for
> infra "development".


That seems fair and not a problem. Incognito crawlers that seem to 
ignore robots.txt are more annoying...


> Now... If an up-to-date version of Kallithea were available on PyPI, I
> could probably drop all of that. So maybe as a follow-up - would it be
> possible to restart releasing official Kallithea packages? What pieces
> might be missing for this?
>
> Otherwise... There are probably some ways I could go around
> implementing these checks if the load is a problem - last time I  tried
> I did have some issues around how pip and pip-tools (pip-compile in
> particular) behaved with a couple of alternate approaches I tried, and
> ended up falling back to pulling directly from the repo.


I could imagine that uploads to pypi only would solve your use case if 
we promised to publish the dev branch to pypi nightly. That doesn't seem 
like a good solution.

It could indeed be somewhat nice to have a less outdated latest release. 
But it would be a non-zero amount of work with very little benefit and 
thus little motivation. And I would have to ask Thomas - his knowledge 
of the "usual" release process is less outdated than mine. But I think 
it works ok to just recommend installing from the head of the repo.

The problem with pip is probably that we can't use latest pip versions 
because packaging bugs in our dependencies.

/Mads
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20250721/9eaed771/attachment.html>