From ae1042d56f99070cd8b2a7648559551d541495ad Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Sun, 26 May 2013 17:34:22 +0000 Subject: [PATCH] Add notes to requirements.txt on dependencies, and remove setuptools-git. --- requirements.txt | 59 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 9cef333..15d3051 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,58 @@ -Sphinx>=1.1 +# +# python-gnupg/requirements.txt +# ----------------------------- +# Pip requirements.txt file. This file is also parsed for distribute to use in +# setup.py. +#_____________________________________________________________________________ +# +# This file is part of python-gnupg, a Python interface to GnuPG. +# Copyright © 2013 Isis Lovecruft +# © 2008-2012 Vinay Sajip +# © 2005 Steve Traugott +# © 2004 A.M. Kuchling +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +#______________________________________________________________________________ +# +# Force pip upgrade due to security vulnerabilities. +# +# This has actually has little to do with installing python-gnupg, since +# older versions of pip would install everything just fine. except that, in +# my opinion, using GnuPG for privacy is silly when the installation of +# python-gnupg with an older version of pip is trivially exploitable through +# a MITM attack. see https://github.com/pypa/pip/pull/791 +# +# Also, note that SSL package delivery is *not* entirely fixed yet. See +# https://github.com/TheTorProject/ooni-backend/pull/1#discussion_r4084881 +# +pip>=1.3.1 +# +# NOTE: setuptools is currently (as of 27 May 2013) being merged back into its +# parent project, distribute. By using the included distribute_setup.py +# script, we make sure that we have a recent version of setuptools/distribute, +# which is the *only* Python packaging framework compatible at this point with +# both Python>=2.4 and Python3.x. +# +# A new version of distribute is necessary due to the merging of setuptools +# back into its parent project, distribute. Also, the only way to package for +# both Python 2 and 3 is to use distribute. +# +distribute>=0.6.45 +# +# Sphinx is only necessary for building documentation, so it is added in +# setup.py under extras_require['docs']. +# +# If you want to build the documentation, uncomment this line: +#Sphinx>=1.1 +# +# And, this one is actually used in the gnupg module code: +# psutil>=0.5.1 -setuptools-git>1.0b1