On 9 May 2014 00:52, "M.-A. Lemburg" <mal@egenix.com> wrote:
>
> On 08.05.2014 15:57, Nick Coghlan wrote:
>
> > (even the question of "does this software actually work?" is in our
> > sights if you consider a long enough time span). That's hard enough
> > with just a couple of service providers (Fastly and Rackspace) in the
> > mix - it quickly becomes impossible if every new dependency from an
> > installation request adds a new point of failure.
>
> Like I said: the best option is to use a local directory which
> only contains packages files that you have inspected and
> actually trust :-)

Correct, but that raises the barrier to entry too high. The pip defaults are aimed at providing an experience with the fewest points of failure that is currently achievable, with a minimal learning curve.

We still have a long way to go, but if people want to influence those design decisions, the relevant lists are pypa-dev (for pip specific discussions) and distutils-sig (for higher level cross-tool design decisions)

Cheers,
Nick.

>
> --
> Marc-Andre Lemburg
> eGenix.com
>
> Professional Python Services directly from the Source  (#1, May 08 2014)
> >>> Python Projects, Consulting and Support ...   http://www.egenix.com/
> >>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> ________________________________________________________________________
>
> ::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
>
>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>            Registered at Amtsgericht Duesseldorf: HRB 46611
>                http://www.egenix.com/company/contact/