[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Tres Seaver tseaver at palladion.com
Thu Jun 17 16:59:37 CEST 2010

Mark Ramm wrote:
> This would also impact projects like turbogears (perhaps we're the
> only one, I don't know) that point to our own pypi compatible index
> with the download URL.

Your *index* is the download URL, or the tarball in the index?

> We do this because then we can fix things
> like packages with no windows eggs, packages that are broken on PyPI
> or whatever.   And to help control which versions of which packages
> get installed by setuptools/distribute when you easy_install tg.
> I'm fine with putting sdists up on pypi, but still want people to be
> downloading files from our controlled index by default where possible.

Exactly.  Anybody who says "repeatable deployment" and "install from
PyPI" in the same breath is fooling themselves already.

- People rename projects on PyPI.

- People remove distributions from PyPI.

- People *replace* distributions on PyPI.

All of which make it impossible to reliably and repeatably deploy
arbitrary software configurations (directly) from PyPI.  Managing your
own project-specific index is the only real solution.


--
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
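
The three failure modes listed in the message above (renamed projects, removed distributions, replaced distributions) can be told apart by comparing pins recorded at release time with what an index serves later. This is an added example, not part of the original message: the record layout, function names and sample data are constructed, and SHA-256 is an assumed digest choice.

```python
import hashlib
import re

def normalize(name):
    """PEP 503 name normalization: 'Alpha_Lib' and 'alpha-lib' are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def audit_pins(pins, index):
    """Compare pinned (project, filename, sha256) records with an index snapshot.

    index maps project name -> {filename: file bytes}. Returns {filename: status}.
    """
    by_name = {normalize(p): files for p, files in index.items()}
    report = {}
    for project, filename, pinned in pins:
        files = by_name.get(normalize(project))
        if files is None:
            report[filename] = "project-missing"   # project renamed or deleted
        elif filename not in files:
            report[filename] = "file-removed"      # distribution taken down
        elif sha256(files[filename]) != pinned:
            report[filename] = "file-replaced"     # same filename, new bytes
        else:
            report[filename] = "ok"
    return report

# Constructed sample data: the index as it looked when the pins were recorded.
AT_RELEASE = {
    "Alpha_Lib": {"alpha_lib-1.0.tar.gz": b"alpha 1.0"},
    "beta": {"beta-2.0.tar.gz": b"beta 2.0", "beta-2.1.tar.gz": b"beta 2.1"},
    "gamma": {"gamma-0.3.tar.gz": b"gamma 0.3"},
    "delta": {"delta-1.4.tar.gz": b"delta 1.4"},
}
PINS = [(p, f, sha256(d)) for p, fs in AT_RELEASE.items() for f, d in fs.items()]

# Constructed sample data: the same index some time later.
LATER = {
    "alpha-lib": {"alpha_lib-1.0.tar.gz": b"alpha 1.0"},         # spelling only
    "beta": {"beta-2.1.tar.gz": b"beta 2.1"},                    # 2.0 removed
    "gamma": {"gamma-0.3.tar.gz": b"gamma 0.3, re-uploaded"},    # replaced
    "delta2": {"delta-1.4.tar.gz": b"delta 1.4"},                # renamed
}

if __name__ == "__main__":
    for filename, status in sorted(audit_pins(PINS, LATER).items()):
        print(f"{status:16} {filename}")
```

Run against a project-specific index that the deployer controls, every pin should report `ok`; any other status on a deploy host is a reason to stop the install.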

