On my production installation, I only grant anonymous access to a set of specific repositories/groups. This is the situation for pypi:
- a 'pypi' proxy repository pointing to https://pypi.python.org/ which is not browsable/readable for anonymous
- a group repository 'pypi-public' containing the above proxy repository. This one is the default the anonymous user must use with browse/read permissions granted
Using the 'pypi-public' group to install packages from pip command line is behaving as expected (packages get downloaded and installed)
Using the pip command line to search packages against the group fires a login prompt. To enable anonymous search your have to specifically grant the read access on the 'pypi' member repository. This is annoying as the admin must remember to grant read access to new member repository. The read permission on the group should be enough to complete the search.