[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Christian Zagrodnick cz at gocept.com
Thu Jun 17 08:11:19 CEST 2010

On 2010-06-17 06:22:32 +0200, Andreas Jung <lists at zopyx.com> said:

> Hash: SHA1
> Hi there,
> I propose a policy change for packages registered with PyPI:
>  - packages registered on PyPI have at least one release
>  - one release of registered package on PyPI _must_ contain
>    a valid source code distribution (sdist)
>  - packages registered on PyPI without releases or without
>    source code release are subject to be removed after N days
>    after the day of registration
> Why?
> Any package registered on PyPI is possibly crucial to any kind of
> development and deployment.
> Packages hosted on external servers (referenced through a download_url)
> are subject to come and go - packages once released should be available
> at any time from a well-known location (PyPI). Dependencies on the
> availability of external downloads servers other than PyPI are hardly
> acceptable for real-world development and deployments.

I second that. External download URLs are really a pain.

I don't think that removing packages that way would really solve the 
problem. I think the core is:

* Require the package to have a source dist *on* PyPI
* Forbid removing any source package.


> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...=
> ).


Christian Zagrodnick · cz at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development

More information about the Catalog-SIG mailing list