
On Sun, Jun 02, 2013 at 17:26 +1000, Nick Coghlan wrote:
On Sun, Jun 2, 2013 at 5:10 PM, holger krekel <holger@merlinux.eu> wrote:
If pypi has no idea about namespaces (like i considered them in my other post) then using namespaces do not really provide much. Someone can still come along and publish within that pseudo-namespace. I would think the goal of pypi-namespaces would be to give a group control over anything that's released using it, allowing to communicate install-users certain guarantees.
However, before further discussion i think there first needs to be more reasoning and stating of practical problems with the current anyone-can-register-anything-that's-not-taken model.
TUF actually has native support for prefix delegation, but actually *using* that is a long way down the todo list at the moment. Static dependency metadata publication and end-to-end signature support are well ahead of it and will likely keep us collectively busy for a while yet.
No worries, I understood already that it's not high on your list. I'd appreciate, however, if Jim or someone else could state the problems with missing namespacing so we can start a discussion from there later. Speaking of TUF: is there some kind of PEP like doc floating already? cheers, holger
Cheers, Nick.
-- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia