On May 9, 2014, at 5:01 AM, Paul Moore email@example.com wrote:
On 9 May 2014 05:34, Donald Stufft firstname.lastname@example.org wrote:
On May 8, 2014, at 5:22 PM, Donald Stufft email@example.com wrote:
Socially, this change does not seem to be having the effect of persuading more package developers to host on PyPI. The stick doesn't appear to have worked, maybe we should be trying to find a carrot?
Do you have any data to point to that says it hasn’t worked? Just to see what impact it has had, I’m running my scripts again that I ran a year ago to see what has changed, already I can see they are processing MUCH faster than last year.
The data has finished processing, it represents a time diff of approximately one year. The pip release that caused all of this was released about 4-5 months ago.
Overall PyPI has seen a 50% growth in installable projects in that time. If the change would have had no effect we'd expect to see a ~50% increase across the board. However what we've seen is a 60% (+10% of expected) increase in projects that can only be installed from PyPI and a 12% decrease in projects that have any unsafe files (-62% of expected).
Donald, Thanks for taking the time to get those figures. It does appear that there are fewer cases that would be affected than the number of complaints would imply.
Of course, I don’t like making claims without backing them up if I can :)
The only concern I have about this type of analysis is that it doesn't "weight" projects. It may be (and again, I have no data to back this up) that the projects that are affected detrimentally by this change are unusually popular or otherwise significant. There's obviously no way to assess this sensibly other than by making a judgement on the level of complaints.
Yea, I don’t have a good way to weight those projects in any way. Normally I could get some sort of estimate by looking at the download numbers from PyPI but well ;)
For the record, here’s the list of projects that are hosted only safely externally or that have any safely externally hosted files:
Most of these don’t stand out to me at all. The only ones that do are:
But arguing numbers was never my intention here, so let's just say that I concede that the change has had a positive effect, which is great.

Paul
I didn’t mean to try to imply that it was :) I just wanted to make sure that my claims were true, or if they weren’t I wanted to be able to say that I was wrong. Since I had the numbers computed already it didn’t make any sense not to share them here.
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA