
If popular packages weren't favored that would be a problem. Popularity should be correlated with "trustworthiness" or whatever the metric this curated repo seeks to maximize. I think the important thing is that the packages are both popular and have passed some sort of vetting procedure. For instance, for a very long time Python2 was far more popular than Python3, but any expert in the field would encourage users to move to Python3 sooner rather than later. Python2 is popular, but it wouldn't have made the cut on some expert-curated list. So it helps in that it reranks popular packages (and also excludes some) for those who want to adopt a more strict security / reliability posture. By no means do I think this would replace pypi as the de-facto packaging repository. Its low barrier to entry is extremely important for a thriving community, but I also wouldn't mind having something a bit more robust. I also think this project would have to be careful not to become yet another "awesome-python-package" collection. Those certainly have value, but based on the initial proposal, I'm interested in something a tad more robust.

On Mon, Jul 24, 2023 at 8:55 AM Chris Angelico <rosuav@gmail.com> wrote:
> On Mon, 24 Jul 2023 at 21:02, James Addison via Python-ideas <python-ideas@python.org> wrote:
> > ... some thoughts on how to build a scalable, resilient trust network
> > based on user ratings; I can't guarantee that it'll change your opinion, though!
>
> This still has the fundamental problems of any sort of user rating system: popular packages are inherently favoured. And we can already get a list of popular packages, because download stats are available. So how would this scheme help?
> ChrisA
>
> _______________________________________________
> Python-ideas mailing list -- python-ideas@python.org
> To unsubscribe send an email to python-ideas-leave@python.org
> https://mail.python.org/mailman3/lists/python-ideas.python.org/
> Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/LU6BFQ...
> Code of Conduct: http://python.org/psf/codeofconduct/
--
-Dr. Jon Crall (him)