[Catalog-sig] [Distutils] distribute D.C. sprint tasks

[Tres Seaver]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(trimming distutils SIG, as this is about PyPI policy):


Tarek Ziadé wrote:
> On Tue, Oct 14, 2008 at 12:59 AM, "Martin v. Löwis" <martin at v.loewis.de> wrote:

> last points I can think of, that we have discussed at the sprint:
> 
> - are non open source licensed packages alllowed at PyPI ?
> 
> - wouldn't it make sense for open source package to force a sdist
> upload before any other kind of distribution
>
> (this is a feature claimed by many people in fact, as binary 
> distribution obsfuscate things and make it hard to install if it's
> not the same version, and if it was not intended by the packager)

I think a reasonable policy would be to allow 'register' but not
'upload' of non-FOSS pacakges:  those who want binary-only distribution
typically have a profit-motive in mind, and can therefore pay for their
own bandwith for downloads.

Likewise, I think a  requirement that packagers upload an 'sdist' before
uploading any 'bdist' files (eggs, windows installers, etc.) is
reasonable, as it reinforces the first policy, as well as removes a
certain class of "you can't get there from here" bugs (i.e., the package
is available on PyPI, but not in any form which a particular user can
use, even if that user could install the package from source).

I don't think a subversion URL is an adequate replacement for an
'sdist':  if the package is not mature enough to run 'setup.py sdist',
then it shouldn't be used for 'bdist' either.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI9KmV+gerLs4ltQ4RAvviAJ9KSEh0Gt+j55CnFhxUNXIGgQenugCfTulw
oX5eRUfIJQ+e4Q09b0e6MK4=
=gj+p
-----END PGP SIGNATURE-----