[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI
tseaver at palladion.com
Thu Jun 17 16:59:37 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Mark Ramm wrote:
> This would also impact projects like turbogears (perhaps we're the
> only one, I don't know) that point to our own pypi compatable index
> with the download URL.
Your *index* is the download URL, or the tarball in the index?
> We do this because then we can fix things
> like packages with no windows eggs, packages that are broken on PyPi
> or whatever. And to help control which versions of which packages
> get installed by settuptools/distribute when you easy_install tg.
> I'm fine with putting sdists up on pypi, but still want people to be
> downloading files from our controlled index by default where possible.
Exactly. Anybody who says "repeatable deployment" and "install from
PyPI" in the same breath is fooling themselves already.
- - People rename projects on PyPI.
- - People remove distributions from PyPI.
- - People *replace* distributions on PyPI.
All of which make it impossible to reliably and repeatably deploy
arbitrary software configurations (directly) from PyPI. Managing your
own project-specific index is the only real solution.
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Catalog-SIG