[Catalog-sig] pre-PEP: transition to release-file hosting at pypi site

Ronald Oussoren ronaldoussoren at mac.com
Mon Mar 11 09:06:21 CET 2013 

On 11 Mar, 2013, at 7:23, Lennart Regebro <regebro at gmail.com> wrote:

> On Mon, Mar 11, 2013 at 7:09 AM, PJ Eby <pje at telecommunity.com> wrote:
>> I think you've got things backwards here.  It's you who's been arguing
>> that the solution to the problem of "improved uptime and security" is
>> best implemented by "ban all non-PyPI hosting".
> 
> The uptime problem is *only* solvable by minimizing the number of
> hosts involved. The minimum number of hosts is one.

I mostly agree when you change hosts to websites ;-). 

> That means we
> should get all releases onto PyPI.

But this isn't necessarily true, there is another solution: mirror your requirements locally.  That way you don't have problems when the remote PyPI server is unreachable for some reason, and you can be sure that the exact version you tested with is available and used.

> This has been obvious for years,
> and I'm overjoyed to see that work is finally being done to make that
> happen. Discussion should be about how to best do that, not if we
> should do that or not.
> 
> We can also discuss wordings. Nobody is for example trying to strictly
> speaking ban hosting on other hosts than PyPI. But if you do host on
> another server, your package will not be a part of the Python
> ecosystem, and it will not be installable by easy_install or pip or
> buildout, etc. You can call that a "ban" if you want, but maybe that
> causes negative connotations that are best avoided. But what ever you
> call it the end goal and result is the same. Packages not hosted on
> PyPI will not be easily installable. This is, and must be, the end
> goal.

The end goal is to make it easy and safe to install packages.

> 
> Now let's discuss how to get there instead.

Is it even clear why numerous archives aren't hosted on PyPI?  IMHO it would be better to 
remove barriers than force projects to host files on PyPI.

Ronald

> 
> //Lennart
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig

More information about the Catalog-SIG mailing list