[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI
steve at pearwood.info
Fri Jun 18 04:35:04 CEST 2010
On Fri, 18 Jun 2010 03:40:29 am Andreas Jung wrote:
> M.-A. Lemburg wrote:
> > If you ship Python-only packages with precompiled .pyc/.pyo
> > files, you do need to upload one version per Python version.
> > The marshal format and pyc magic often changes between releases.
> Once again: I am talking about the majority of packages that are
> neither commercial nor shipping without the Python source code.
Firstly, commercial is not the opposite of source-code provided. Why do
so many FOSS advocates insist on giving the message that it is? *Closed
source* is the opposite of open source.
You earlier said that PyPI should force all packages to include source
code. Are you now saying that PyPI should only force packages to
include source code if they include source code, that is, that package
owners can opt-out of this rule "you must provide source code" by
simply not providing source code?
If not, then what exactly are you saying?
> > * make PyPI itself more robust and stable (we're working on that)
> PyPI is pretty robust and this has nothing to do with packages hosted
"Pretty robust" isn't robust enough, which is why there are proposals to
shift PyPI to a commercial high-availability hosting service *and* to
mirror it extensively.
As for the second part of your statement, of course externally hosted
packages don't increase the stability of PyPI itself, but they limit
the harm from any single outage and distribute the load over the entire
internet rather than one single site.
External hosting is "don't put all your eggs in one basket", as well
as "competition between hosting providers" and "freedom of choice".
After all, PyPI is intended to be an *index* of Python software, not a
hosting service. The hosting is an optional bonus. Don't think I'm not
grateful for that, but I object strongly to your suggestion that I
should be *forced* to host my packages on PyPI if I want to register
the package there.
> > Suggesting that they can never remove a release from PyPI
> > or are not allowed to rename a package is not going to
> > attract more developers to PyPI.
> I would not care about such developers.
Then don't use their packages, but don't stop other people from using
> The basic question is: do we want PyPI being a reliable and valuable
> community resource or a partly unflushed package toilet?
The basic question is, who has the right to control the packages indexed
on PyPI? Is it the package author, or you?
More information about the Catalog-SIG