[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI
Sridhar
sridharr at activestate.com
Thu Jun 17 08:01:08 CEST 2010
On 6/16/2010 9:22 PM, Andreas Jung wrote:
> As an example: the Plone CMS buildouts depend on python-openid.
> This package is registered with PyPI
>
> http://pypi.python.org/pypi/python-openid
>
> but references to
>
> http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz
>
> For whatever reason the download URL is no longer working. In fact:
> openidenabled.com now points tohttp://www.janrain.com.
>
This is one of the limitations with z3c.pypimirror that prompted me to
write my own "mirroring" solution. I have a configuration file which
allows me to "override" package metadata for such "crap" data in PyPI.
Things like PyPI entry for a package pointing to an older version of
tarball, no tarball at all or broken link such as the one you mentioned
here.
> PyPI is a valuable and crucial resource for Python development.
> It must be kept up-to-date and consistent.
>
> I don't care about the arguments that were made in the past against
> stronger rules ("openness" etc.).
>
> There are a lot of Python programmers around that are not Python geeks
> as most of us are and they just become pissed of when packages come and
> go or are not in the place where one would expect them.
>
> PyPI is a community resource - but community does not mean anarchy where
> everyone should be able to upload its package crap without looking left
> and right and having the community and its needs in mind.
>
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...).
>
BTW, I posted a similar proposal in distutils-sig@ before, and it lead
to nowhere. I have no hope as to this one either. :-/
So much for participating in a community.
-srid
More information about the Catalog-SIG
mailing list