On 29/11/2018 18.23, Antoine Pitrou wrote:
On 29/11/2018 at 18:17, Christian Heimes wrote:
If we would keep the standard distribution of Python as it is and just have a Python SIG offer an additional extended distribution on python.org, then I don't have to care about the quality and security of additional code. The Python core team would neither own the code nor take responsibility for the code.
Then it's an argument against the extended distribution. If its security and quality are not up to Python's quality standards, those people who don't want to install from PyPI may not accept the extended distribution either. And we may not want to offer those downloads from the main python.org page either, lest it taints the project's reputation.
You are assuming that you can convince or force upstream developers to change their project and development style. Speaking from personal experience, that is even unrealistic for projects that are already developed and promoted by officially acknowledged and PSF approved Python authorities.
The owners and developers of these projects set their own terms and don't follow the same rigorous CI, backwards compatibility and security policies as Python core. You can't force projects to work differently.