[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Sridhar sridharr at activestate.com
Thu Jun 17 08:01:08 CEST 2010

On 6/16/2010 9:22 PM, Andreas Jung wrote:
> As an example: the Plone CMS buildouts depend on python-openid.
> This package is registered with PyPI
> http://pypi.python.org/pypi/python-openid
> but references to
> http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz
> For whatever reason the download URL is no longer working. In fact:
> openidenabled.com now points tohttp://www.janrain.com.

This is one of the limitations with z3c.pypimirror that prompted me to 
write my own "mirroring" solution. I have a configuration file which 
allows me to "override" package metadata for such "crap" data in PyPI. 
Things like PyPI entry for a package pointing to an older version of 
tarball, no tarball at all or broken link such as the one you mentioned 

> PyPI is a valuable and crucial resource for Python development.
> It must be kept up-to-date and consistent.
> I don't care about the arguments that were made in the past against
> stronger rules ("openness" etc.).
> There are a lot of Python programmers around that are not Python geeks
> as most of us are and they just become pissed of when packages come and
> go or are not in the place where one would expect them.
> PyPI is a community resource - but community does not mean anarchy where
> everyone should be able to upload its package crap without looking left
> and right and having the community and its needs in mind.
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...).

BTW, I posted a similar proposal in distutils-sig@ before, and it lead 
to nowhere. I have no hope as to this one either. :-/

So much for participating in a community.


More information about the Catalog-SIG mailing list