* Deprecates the --download-cache option & removes the download
cache code.
* Removes the in memory page cache on the index
* Uses CacheControl to cache all cacheable HTTP requests to the
filesystem.
* Properly handles CacheControl headers for unconditional
caching.
* Will use ETag and Last-Modified headers to attempt to do a
conditional HTTP request to speed up cache misses and turn
them into cache hits.
* Removes some concurrency unsafe code in the download cache
accesses.
* Uses a Cache-Control request header to limit the maximum
length of time a cache is valid for.
* Adds pip.appdirs to handle platform specific application
directories such as cache, config, data, etc.
* PEP381 Mirroring support was never fully implemented leaving
users of it trivially exploitable to a MITM or malicious mirror
operator.
* 2 out of 6 of the mirrors have been removed from the pool and
will never resolve.
* The remaining mirrors often fall behind
* The mirrors will likely never be available under HTTPS
* People who wish to use a mirror of PyPI can still do so by
manually specifying a mirror url for --index-url or
--extra-index-url which is more flexible, allowing for
mirrors to be hosted under any domain.
Storing the --pre flag on the finder enables easily being able
to have it affect all package discoveries made with that finder.
The previous method of passing it into the InstallRequirement
meant that only top level dependencies were controlled by
--pre
* Links and HTMLPages know if they are "trusted"
* File Links know if they are safe or not
* A "Safe" file Link comes from a trusted Link/HTMLPage and has
a hash allowing verification of the download
* Adds a --allow-unsafe PACKAGE argument to allow unsafe files on
a per package basis
* Optimizes scraping external sites by short circuiting if
the current trust rules won't allow using it's files anyways
* By default ignore external links
* Add the ``--allow-external`` flag that enables external links
globally
* Fallback to allowing all links if we cannot determine the
API version of the parsed page
* Inform the user of ``--allow-external`` if nothing was found
to install