[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Steven D'Aprano steve at pearwood.info
Fri Jun 18 04:35:04 CEST 2010

On Fri, 18 Jun 2010 03:40:29 am Andreas Jung wrote:
> M.-A. Lemburg wrote:
> > If you ship Python-only packages with precompiled .pyc/.pyo
> > files, you do need to upload one version per Python version.
> > The marshal format and pyc magic often change between releases.
> Once again: I am talking about the majority of packages that are
> neither commercial nor shipping without the Python source code.

Firstly, commercial is not the opposite of source-code provided. Why do 
so many FOSS advocates insist on giving the message that it is? *Closed 
source* is the opposite of open source.

You earlier said that PyPI should force all packages to include source 
code. Are you now saying that PyPI should only force packages to 
include source code if they include source code, that is, that package 
owners can opt-out of this rule "you must provide source code" by 
simply not providing source code?

If not, then what exactly are you saying?

> >  * make PyPI itself more robust and stable (we're working on that)
> PyPI is pretty robust and this has nothing to do with packages hosted
> externally.

"Pretty robust" isn't robust enough, which is why there are proposals to 
shift PyPI to a commercial high-availability hosting service *and* to 
mirror it extensively.

As for the second part of your statement, of course externally hosted 
packages don't increase the stability of PyPI itself, but they limit 
the harm from any single outage and distribute the load over the entire 
internet rather than one single site.

External hosting is "don't put all your eggs in one basket", as well 
as "competition between hosting providers" and "freedom of choice". 
After all, PyPI is intended to be an *index* of Python software, not a 
hosting service. The hosting is an optional bonus. Don't think I'm not 
grateful for that, but I object strongly to your suggestion that I 
should be *forced* to host my packages on PyPI if I want to register 
the package there.

> > Suggesting that they can never remove a release from PyPI
> > or are not allowed to rename a package is not going to
> > attract more developers to PyPI.
> I would not care about such developers. 

Then don't use their packages, but don't stop other people from using 

> The basic question is: do we want PyPI being a reliable and valuable
> community resource or a partly unflushed package toilet?

The basic question is, who has the right to control the packages indexed 
on PyPI? Is it the package author, or you?

Steven D'Aprano
