[Catalog-sig] PyPI's external packages

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Thu May 12 22:56:38 CEST 2011

On 07:21 pm, ziade.tarek at gmail.com wrote:
>2011/5/12  <exarkun at twistedmatrix.com>:
>>On 03:57 pm, ziade.tarek at gmail.com wrote:
>>>I think some people are unaware of the fact that hosting themselves
>>>their packages can lead to problems when their websites are down.
>>>I'd like to propose these two very simple changes:
>>>- in packaging/distutils2, when the register command is called, just
>>>state that uploading the package would be a good idea  :)
>>>- in pypi.python.org, on a project page that has no file uploaded, if
>>>the user connected is the project owner/maintainer, add a small
>>>message explaining why it's a good idea
>>>Maybe that could help reducing the number of external packages
>>>I'll definitely do something in distutils2 but maybe someone has a 
>>>idea ?
>>Make it easier to upload packages to PyPI.  For example, add an scp- 
>I think Martin added some ssh capability lately. Would make sense to
>add it in distutils2.

It's weird ssh stuff that so far hasn't seemed to make anything easier. 
I'm not entirely sure what its goal is.
>>  or make "upload" work even if the package files exist on the
>>filesystem somewhere already.
>I am not sure to get that one.  Like
>$ python setup.py upload /any/random/file  ?

Yes, like that.  There are already server-side checks (which are too 
strict in at least one place, preventing legitimate files from being 
uploaded), so I don't see how it's a problem.  Plus, if I really want to 
dump garbage onto PyPI, then I can still use the web interface.  Making 
uploading inconvenient isn't a strategy for keeping trouble away.


More information about the Catalog-SIG mailing list