On 20 March 2013 16:31, Nick Coghlan <ncoghlan@gmail.com> wrote:
Then the pip developers, for example, could say "we trust Christoph to make our Windows installers", and grant him repackager access so he could upload the binaries for secure redistribution from PyPI rather than needing to host them himself.
Another axis of the same idea would be to allow people to upload "unofficial" binaries. The individual would not need to be confirmed as trusted by the project, but his uploads would *not* be visible by default on PyPI. Users would be able to "opt in" to builds by that individual, and if they did, those builds would be merged in with what's on PyPI. That model is much closer to how Christoph is actually working at the moment - people can choose whether to trust him, but if they do they can get his builds and the upstream projects don't get involved. Paul