[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

[Mark Ramm]

> Would you use PyPI as download server or as primary location if it would
> be more reliable or having a usuable mirroring infrastructure?

No.   Because it would still drop old packages, allow people to upload
new packages and otherwise make the repeatable builds difficult.

I'm most frustrated by the dropping of old packages, but unless I lock
down things super tightly in setup.py new versions turn out to break
the tg install process often enough that we need more control than
pypi provides.

> The point: of course I can create own internal mirror - but do we really
> want or need that? My business is building software - not mirrors or
> workarounds for a missing or unreliable package infrastructure.

Well, I need it.   I've spent work implementing it, and I want it to
continue to be supported, and for my use of this feature to continue
to work.  If you think it's bad and don't want that, then fine.   But
I'm more interested in making the tools I have now work now for the
users we have now.  And making pypi more available doesn't solve my
whole problem, and the proposal at the start of the thread, makes it
worse for me.

> Side note: just checked CPAN - CPAN has 228 official mirrors, PyPI has
> no official mirrors (only four or five) inofficial mirrors as part of
> the PyPI mirroring project).

Yea, more mirrors would be better.   No doubt.

--Mark Ramm