[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI
aclark at aclark.net
Thu Jun 17 07:11:41 CEST 2010
Andreas Jung wrote:
> Hi there,
> I propose a policy change for packages registered with PyPI:
> - packages registered on PyPI have at least one release
> - one release of registered package on PyPI _must_ contain
> a valid source code distribution (sdist)
> - packages registered on PyPI without releases or without
> source code release are subject to be removed after N days
> after the day of registration
> Any package registered on PyPI is possibly crucial to any kind of
> development and deployment.
> Packages hosted on external servers (referenced through a download_url)
> are subject to come and go - packages once released should be available
> at any time from a well-known location (PyPI). Dependencies on the
> availability of external downloads servers other than PyPI are hardly
> acceptable for real-world development and deployments.
> As an example: the Plone CMS buildouts depend on python-openid.
> This package is registered with PyPI
> but references to
> For whatever reason the download URL is no longer working. In fact:
> openidenabled.com now points to http://www.janrain.com.
FWIW, I have uploaded a local copy of that file to:
> Other reasons for disappearing packages in the past:
> - network or server outages of external servers
> - users changed their organization and the organization removed
> content of their former employees
> PyPI is a valuable and crucial resource for Python development.
> It must be kept up-to-date and consistent.
> I don't care about the arguments that were made in the past against
> stronger rules ("openness" etc.).
> There are a lot of Python programmers around that are not Python geeks
> as most of us are and they just become pissed off when packages come and
> go or are not in the place where one would expect them.
> PyPI is a community resource - but community does not mean anarchy where
> everyone should be able to upload its package crap without looking left
> and right and having the community and its needs in mind.
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...).
> --
> ZOPYX Limited | zopyx group
> Charlottenstr. 37/1 | The full-service network for Zope & Plone
> D-72070 Tübingen | Produce & Publish
> www.zopyx.com | www.produce-and-publish.com
> ------------------------------------------------------------------------
> E-Publishing, Python, Zope & Plone development, Consulting
Alex Clark · http://aclark.net
Author — Plone 3.3 Site Administration · http://aclark.net/admin