[Catalog-sig] What is the point of pythonpackages.com?

Stefan Krah stefan-usenet at bytereef.org
Tue Feb 7 11:16:09 CET 2012


Andreas Jung <lists at zopyx.com> wrote:
> Honestly I am truly pissed off by the arrogance and ignorance of package
> maintainers coming with the very same arguments every time for *not
> hosting* at least copies on PyPI. So my clear message is: if you don't
> care about the professional developers and theirs by not hosting
> packages on PyPI then please stay away...

While you were busy listing your demands, in the last 24 hours three major
international banks have successfully downloaded the cdecimal package.

My target audience is well aware of best practices. In fact, I provide
greater security than PyPI by publishing sha256sums on the announce list
when a package is released.


What you call "professional development" is just a euphemism for convenience
coupled with a false sense of security. No one can guarantee sanity for each
of the 18000+ packages.

Downloading is not the bottleneck; briefly auditing and making sure that
a package actually installs is. Python 3 compatibility is another *real*
issue, so perhaps you might want to upgrade your own packages.


Stefan Krah
