<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 28, 2015 at 9:34 AM, Skip Montanaro <span dir="ltr"><<a href="mailto:skip.montanaro@gmail.com" target="_blank">skip.montanaro@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On Wed, May 27, 2015 at 2:03 PM, Donald Stufft <<a href="mailto:donald@stufft.io">donald@stufft.io</a>> wrote:<br>
> I’m of the opinion that, given a brand new language, it makes more sense to have really good packaging tools built in, but not to have a standard library.<br>
<br>
</span>While perhaps nice in theory, the process of getting a package into<br>
the standard library provides a number of filters (hurdles, if you<br>
will) through which a package much pass (or surmount) before it is<br>
deemed suitable for broad availability by default to users, and for<br>
support by the core development team. Today, that includes<br>
documentation, unit tests, broad acceptance by the user community (in<br>
many cases), and a commitment by the core development team to maintain<br>
the package for the foreseeable future. To the best of my knowledge,<br>
none of those filters apply to PyPI-cataloged packages. That is not to<br>
say that the current process doesn't have its problems. Some really<br>
useful stuff is surely not available in the core. If the core<br>
development team was stacked with people who program numeric<br>
applications for a living, perhaps numpy or something similar would be<br>
in the core today.<br>
<br>
The other end of the spectrum is Perl. It has been more than a decade<br>
since I did any Perl programming, and even then, not much, but I still<br>
remember how confused I was trying to choose a package to manipulate<br>
dates and times from CPAN with no guidance. I know PyPI has a weight<br>
field. I just went back and reread the footnote describing it, but I<br>
really have no idea how it operates. I'm sure someone nefarious could<br>
game that system so their security compromising package drifts toward<br>
the top of the list. Try searching for "xml." 2208 packages are<br>
return, with weights ranging from 1 to 9. 107 packages have weights of<br>
8 or 9. If the standard library is to dwindle down to next-to-nothing,<br>
a better scheme for package selection/recommendation will have to be<br>
developed.<br></blockquote><div><br></div><div>A workflow for building CI-able, vendorable packages with coverage</div><div>and fuzzing?</div><div><br></div><div>* xUnit XML test results</div><div>* <a href="http://schema.org/AssessAction">http://schema.org/AssessAction</a><br></div><div> * Quality 1 (Use Cases n, m)</div><div> * Quality 2 (Use cases x, y)</div><div> * SecurityAssessAction</div><div>* <a href="http://schema.org/ChooseAction">http://schema.org/ChooseAction</a></div><div> * Why am I downloading duplicate functionality?</div><div><br></div><div>* <a href="http://schema.org/LikeAction">http://schema.org/LikeAction</a></div><div> * Community feedback is always helpful.</div><div> </div><div>Or, a workflow for maintaining a *distribution of* **versions of** (C and) Python packages?</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><font color="#888888"><br>
Skip<br>
</font></span><div class=""><div class="h5">_______________________________________________<br>
Python-ideas mailing list<br>
<a href="mailto:Python-ideas@python.org">Python-ideas@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/python-ideas" target="_blank">https://mail.python.org/mailman/listinfo/python-ideas</a><br>
Code of Conduct: <a href="http://python.org/psf/codeofconduct/" target="_blank">http://python.org/psf/codeofconduct/</a></div></div></blockquote></div><br></div></div>