[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Andreas Jung lists at zopyx.com
Fri Jun 18 05:49:46 CEST 2010

Hash: SHA1

I retract this proposal and accepting the fact that obviously nobody
outside the Zope/Plone world is really interested in bringing PyPI
forward and putting the freedom to register and upload packages in
whatever state to PyPI over the needs of a well-maintained and reliable
package index. After almost 20 years I am still under the impression
that we are still in the kindergarten.

Deeply frustrated,

Andreas Jung wrote:
> Hi there,
> I propose a policy change for packages registered with PyPI:
>  - packages registered on PyPI have at least one release
>  - one release of registered package on PyPI _must_ contain
>    a valid source code distribution (sdist)
>  - packages registered on PyPI without releases or without
>    source code release are subject to be removed after N days
>    after the day of registration
> Why?
> Any package registered on PyPI is possibly crucial to any kind of
> development and deployment.
> Packages hosted on external servers (referenced through a download_url)
> are subject to come and go - packages once released should be available
> at any time from a well-known location (PyPI). Dependencies on the
> availability of external downloads servers other than PyPI are hardly
> acceptable for real-world development and deployments.
> As an example: the Plone CMS buildouts depend on python-openid.
> This package is registered with PyPI
> http://pypi.python.org/pypi/python-openid
> but references to
> http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz
> For whatever reason the download URL is no longer working. In fact:
> openidenabled.com now points to http://www.janrain.com.
> Other reasons for disappearing package in the past:
>  - network or server outages of external servers
>  - users changed their organization and the organization removed
>    content of their former employees
> PyPI is a valuable and crucial resource for Python development.
> It must be kept up-to-date and consistent.
> I don't care about the arguments that were made in the past against
> stronger rules ("openness" etc.).
> There are a lot of Python programmers around that are not Python geeks
> as most of us are and they just become pissed of when packages come and
> go or are not in the place where one would expect them.
> PyPI is a community resource - but community does not mean anarchy where
> everyone should be able to upload its package crap without looking left
> and right and having the community and its needs in mind.
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...).
> Andreas

- ------------------------------------------------------------------------

Catalog-SIG mailing list
Catalog-SIG at python.org

- -- 
ZOPYX Limited           | zopyx group
Charlottenstr. 37/1     | The full-service network for Zope & Plone
D-72070 Tübingen        | Produce & Publish
www.zopyx.com           | www.produce-and-publish.com
- ------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting

Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20100618/391efa57/attachment.vcf>

More information about the Catalog-SIG mailing list