On Wed, May 17, 2023 at 2:22 PM Daniel Guffey <daniel.guffey@gmail.com> wrote:
I'm a bit dubious about the pypi suggestion as packages are being regularly poisoned with malware (e.g. "New KEKW malware infects open-source Python Wheel files via a PyPI distribution", SC Media, scmagazine.com) and support issues keep happening with package management tools.

This is an absurd complaint.  For one, the PyPA dealt with that very quickly.  But more relevantly, Toolz is a package with many years of development by well-trusted people.  Yes, getting a brand new malware onto PyPI is a danger, but that's an issue completely unrelated to using well-established and signed packages from known people.

If you weirdly distrust PyPI, you can equally get the same thing via GitHub... I guess unless you also distrust those repos.

It's not absurd to suggest a new decorator for the standard library. But "I don't trust PyPI" isn't going to win you any support for the idea.

--
The dead increasingly dominate and strangle both the living and the
not-yet born.  Vampiric capital and undead corporate persons abuse
the lives and control the thoughts of homo faber. Ideas, once born,
become abortifacients against new conceptions.