[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI
lists at zopyx.com
Thu Jun 17 06:22:32 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
I propose a policy change for packages registered with PyPI:
- packages registered on PyPI have at least one release
- one release of registered package on PyPI _must_ contain
a valid source code distribution (sdist)
- packages registered on PyPI without releases or without
source code release are subject to be removed after N days
after the day of registration
Any package registered on PyPI is possibly crucial to any kind of
development and deployment.
Packages hosted on external servers (referenced through a download_url)
are subject to come and go - packages once released should be available
at any time from a well-known location (PyPI). Dependencies on the
availability of external downloads servers other than PyPI are hardly
acceptable for real-world development and deployments.
As an example: the Plone CMS buildouts depend on python-openid.
This package is registered with PyPI
but references to
For whatever reason the download URL is no longer working. In fact:
openidenabled.com now points to http://www.janrain.com.
Other reasons for disappearing package in the past:
- network or server outages of external servers
- users changed their organization and the organization removed
content of their former employees
PyPI is a valuable and crucial resource for Python development.
It must be kept up-to-date and consistent.
I don't care about the arguments that were made in the past against
stronger rules ("openness" etc.).
There are a lot of Python programmers around that are not Python geeks
as most of us are and they just become pissed of when packages come and
go or are not in the place where one would expect them.
PyPI is a community resource - but community does not mean anarchy where
everyone should be able to upload its package crap without looking left
and right and having the community and its needs in mind.
PyPI must become a stable package index. Everything registered with PyPI
must be available at any time (mirrors, distributing PyPI in the cloud...).
ZOPYX Limited | zopyx group
Charlottenstr. 37/1 | The full-service network for Zope & Plone
D-72070 Tübingen | Produce & Publish
www.zopyx.com | www.produce-and-publish.com
E-Publishing, Python, Zope & Plone development, Consulting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316 bytes
Desc: not available
More information about the Catalog-SIG