Hi Donald, On Tue, Jul 30, 2013 at 14:04 -0400, Donald Stufft wrote:
On Jul 30, 2013, at 1:13 PM, PJ Eby <pje@telecommunity.com> wrote:
On Tue, Jul 30, 2013 at 4:14 AM, Donald Stufft <donald@stufft.io> wrote:
Heh, I'm pretty good at getting yelled at :)
Nick is also pretty good at making people feel like he both knows and *cares* about their breakage, and isn't just dismissing their concerns as trivial or unimportant. Breakage isn't trivial or unimportant to the person who's yelling, so this is an important community-maintenance skill. It builds trust, and reduces the total amount of yelling.
*shrug*, If I didn't care I would have made this change as soon as Nick said it was ok. Instead I declared I was going to and waited to make sure nobody else had any concerns. And once Holger said he did I said ok I won't do it. Maybe my mannerisms give the impression I don't but that's actually pretty far from the truth. For this particular change I originally created the pip commit that allowed it, and then again I created the setuptools commit, backporting hashlib into setuptools to support Python 2.4. I put a decent amount of effort into trying to make sure that nothing broke but in the end there were still concerns :)
For the record, i am all for putting generic hash support into the installers and maybe prepare for an eventual change to make PyPI serve sha256 hashes. However, to me it's not clear if such a move may become obsolete through the potential advent of TUF. My original objection reason was tied to generally pushing for more focus on backward-compatibility. I am grateful that several people including you, Nick and Jannis acknowledged the point. best, holger
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig