On Thu, Jul 6, 2023, 14:22 James Addison <jay@jp-hosting.net> wrote:
I agree, we should encourage or await a single organization to reimplement a packaging ecosystem with a slightly different set of properties that continue to provide them with editor biasing, preventing eventual global consensus and system neutrality.

Is your time available to help build it?

I'd like to apologise for this comment; I don't think that I argued in good faith here.

I was frustrated by a sense that many of the more straightforward attempts to make improvements in packaging ecosystems are, in themselves, a reinvention of previously-existing wheels, often producing similarly wonky spokes to previous attempts that result in repeated off-course journeys that, given enough knowledge of the history of technology, seem predictable.

To observe that and then to go on to suggest that we simply wait for the next wonky wheel builder doesn't seem like genuine progress, and I should neither argue for that nor ask whether other people want to spend their own valuable time on it.

On Thu, Jul 6, 2023, 14:17 Gregory Disney <gregory.disney.leugers@gmail.com> wrote:
Why do people insist on reinventing the wheel? Blockchain is not the answer for adding trust that is verifiable. Code signing is the answer; it’s widely accepted and would be useful in cases of trusted computing and other security use cases.

I don’t want to load a hash table to load a third party module on a UEFI interface. 

On Thu, Jul 6, 2023 at 9:11 AM James Addison via Python-ideas <python-ideas@python.org> wrote:
On Wed, Jul 5, 2023, 19:06 Chris Angelico <rosuav@gmail.com> wrote:
On Thu, 6 Jul 2023 at 03:57, James Addison via Python-ideas
<python-ideas@python.org> wrote:
> I also agree with a later reply about avoiding the murkier side of blockchains / etc.  That said, it seems to me (again, sample size one anecdata) that creating a more levelled playing field for package publication could benefit from the use of some distributed technologies.  Even HTTP mirrors are, arguably, a basic form of that... there's at least one question related to recency of data, though.  Delaying availability of a package to an audience -- if it's important enough -- could under some circumstances become effectively similar to censorship.
>

A blockchain won't solve anything here. It would be completely and
utterly impractical to put the packages themselves into a blockchain,
so all you'd have is the index, and that means it's just a bad version
of PyPI's own single-page index.

ChrisA
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-leave@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/PTIS3HZHJSFV7ETWE7UP4HKXS4WN2OEO/
Code of Conduct: http://python.org/psf/codeofconduct/

Mostly agreed.  A distributed hash table or similar, though, could be appropriate in combination with ideas similar to the accreting layers of self-reinforcing consensus that some blockchain technologies provide.
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/I3CDZAXGYVS33DJ4JEENGYMF4MY6BQ7O/