On 08.05.2014 15:57, Nick Coghlan wrote:
On 8 May 2014 23:39, M.-A. Lemburg firstname.lastname@example.org wrote:
However, for some reason there's a strong resistance against doing this, which I frankly don't understand.
Because we're taking responsibility for the end-to-end user experience of PyPI, and are expressly trying to eliminate the elements of that user experience that are beyond the control of the PyPI admin team
Oh, I guess you'd have to rewrite most of those 40k packages then :-)
Seriously, the word "eliminate" in there does not sit well with our goals for openness. External services like github, sourceforge, bitbucket, dropbox, cdns, etc. are not per-se evil and unreliable.
pip should acknowledge this and not try to "eliminate" all hosting services in the world per default [sound of Empire Strikes Back theme] ;-)
(even the question of "does this software actually work?" is in our sights if you consider a long enough time span). That's hard enough with just a couple of service providers (Fastly and Rackspace) in the mix - it quickly becomes impossible if every new dependency from an installation request adds a new point of failure.
Like I said: the best option is to use a local directory which only contains packages files that you have inspected and actually trust :-)
-- Marc-Andre Lemburg eGenix.com
Professional Python Services directly from the Source (#1, May 08 2014)
::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/