[Catalog-sig] pre-PEP: transition to release-file hosting at pypi site

PJ Eby pje at telecommunity.com
Mon Mar 11 22:15:08 CET 2013


On Mon, Mar 11, 2013 at 4:07 PM, Carl Meyer <carl at oddbird.net> wrote:
> On 03/11/2013 01:57 PM, PJ Eby wrote:
>> I'm saying that if someone objects to the presence of links they
>> don't actually use, they are speaking nonsense.  Might as well ask to
>> ban all packages from PyPI that they don't personally like -- it's the
>> same request.  Nobody is forcing you to depend on packages that don't
>> host on PyPI, so there is no point to the censorship.
>>
>> If you don't use the links, you can't argue that their presence is
>> causing you harm.
>
> You can, of course, argue that the mere presence of those links
> (combined with the current behavior of easy_install/pip) is an
> "attractive nuisance" that indirectly causes harm to unsuspecting new
> users of Python who never even consider the possibility that tools like
> easy_install and pip might spider off PyPI to arbitrary websites

Which is why I think removing rel="" spidering is a good idea.  In
fact, I'm the one who suggested that.  I also suggested moving to
turning it off by default in future versions of easy_install, adding
warnings, etc.

But that's not the same thing as agreeing that it should be *banned*
for people to publish machine-readable download information on PyPI
for a file that's hosted off-PyPI.  ISTM that Python's "consenting
adults" standard sets a higher bar for banning a feature than it does
for marking it, "here there be dragons" and offering a better
alternative.  Heck, even in Python the language, the mere removal of a
feature in a new version of Python doesn't stop people from
continuing to use the old one.  Here we're talking about
infrastructure that everybody uses; it's not like there's a PyPI X.1
that people can keep using if X.2 comes out.

