[Cython] Differing Cython-0.14.1.tar.gz files
stefan_ml at behnel.de
Mon Mar 7 07:54:01 CET 2011
Ryan Schmidt, 06.03.2011 23:12:
> There are two different files called Cython-0.14.1.tar.gz -- one in http://www.cython.org/release/ and a different one in http://pypi.python.org/packages/source/C/Cython/:
Interesting. Do you mean "different" as in "different content" (i.e. sources
etc.), or just as in "md5sum gives different hashes"?
> Why don't you release a version of your software as a single distfile
> that is identical on all servers?
Well, I don't think there is a reason for that, simply because I doubt that
it's being done intentionally. I guess it just lacks a process.
In any case, I doubt that there are any differences between the tar.gz
files, except for file modification times and potentially the creation time
of the C sources. The build process is deterministic.
IMHO, the best way to make the releases would be to run
    setup.py sdist register upload
to push them to PyPI, and then take the same tar.gz and copy it over to
cython.org. In any case, the one on PyPI should always take the lead, as
that's what people get when they run easy_install.
I also think we should start signing the released archives. This can be
done via distutils' "upload" command by passing
    upload --sign --identity=[e-mail-address-of-key]
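
Whether two same-named archives differ in content or only in metadata such as modification times, the question asked in the reply above, can be checked mechanically. The following is an added example, not part of the original message or of the Cython project's code; the function names and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import tarfile


def member_digests(blob):
    """Map each regular file in a .tar.gz (given as bytes) to (sha256, mtime)."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar:
            if m.isfile():  # directories and links carry no file content
                data = tar.extractfile(m).read()
                out[m.name] = (hashlib.sha256(data).hexdigest(), m.mtime)
    return out


def compare_sdists(blob_a, blob_b):
    """Return ('identical' | 'metadata-only' | 'content', changed_member_names)."""
    if hashlib.sha256(blob_a).digest() == hashlib.sha256(blob_b).digest():
        return "identical", []
    a, b = member_digests(blob_a), member_digests(blob_b)
    # A member counts as changed if it is missing on one side or its bytes differ.
    changed = sorted(n for n in a.keys() | b.keys()
                     if a.get(n, (None,))[0] != b.get(n, (None,))[0])
    return ("content" if changed else "metadata-only"), changed


def build_sample(files, mtime):
    """Constructed sample input: build a small .tar.gz in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-ins for the two mirrors' copies of one release.
    src = {"pkg-1.0/setup.py": b"print('setup')\n", "pkg-1.0/mod.c": b"int x;\n"}
    site_copy = build_sample(src, 1299000000)
    index_copy = build_sample(src, 1299400000)  # same sources, later mtimes
    print(compare_sdists(site_copy, index_copy))
    tampered = build_sample(dict(src, **{"pkg-1.0/mod.c": b"int y;\n"}), 1299400000)
    print(compare_sdists(site_copy, tampered))
```

A "metadata-only" result means the whole-file hashes differ while every member's bytes match, so a published checksum or signature for one copy will still not verify the other.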