[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Andreas Jung lists at zopyx.com
Fri Jun 18 05:49:46 CEST 2010


I retract this proposal and accept the fact that obviously nobody
outside the Zope/Plone world is really interested in bringing PyPI
forward and putting the freedom to register and upload packages in
whatever state to PyPI over the needs of a well-maintained and reliable
package index. After almost 20 years I am still under the impression
that we are still in the kindergarten.

Deeply frustrated,
Andreas

Andreas Jung wrote:
> Hi there,
> 
> I propose a policy change for packages registered with PyPI:
> 
>  - packages registered on PyPI have at least one release
> 
>  - one release of a registered package on PyPI _must_ contain
>    a valid source code distribution (sdist)
> 
>  - packages registered on PyPI without releases or without
>    source code release are subject to be removed after N days
>    after the day of registration
> 
> Why?
> 
> Any package registered on PyPI is possibly crucial to any kind of
> development and deployment.
> 
> Packages hosted on external servers (referenced through a download_url)
> are subject to come and go - packages once released should be available
> at any time from a well-known location (PyPI). Dependencies on the
> availability of external download servers other than PyPI are hardly
> acceptable for real-world development and deployments.
> 
> As an example: the Plone CMS buildouts depend on python-openid.
> This package is registered with PyPI
> 
> http://pypi.python.org/pypi/python-openid
> 
> but references to
> 
> http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz
> 
> For whatever reason the download URL is no longer working. In fact:
> openidenabled.com now points to http://www.janrain.com.
> 
> Other reasons for disappearing packages in the past:
> 
>  - network or server outages of external servers
>  - users changed their organization and the organization removed
>    content of their former employees
> 
> PyPI is a valuable and crucial resource for Python development.
> It must be kept up-to-date and consistent.
> 
> I don't care about the arguments that were made in the past against
> stronger rules ("openness" etc.).
> 
> There are a lot of Python programmers around that are not Python geeks
> as most of us are and they just become pissed off when packages come and
> go or are not in the place where one would expect them.
> 
> PyPI is a community resource - but community does not mean anarchy where
> everyone should be able to upload their package crap without looking left
> and right and having the community and its needs in mind.
> 
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...).
> 
> Andreas
> 

-- 
ZOPYX Limited           | zopyx group
Charlottenstr. 37/1     | The full-service network for Zope & Plone
D-72070 Tübingen        | Produce & Publish
www.zopyx.com           | www.produce-and-publish.com
------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting

