[Distutils] Python people want CPAN and how the latter came about
kiorky at cryptelium.net
Fri Dec 25 13:27:20 CET 2009
Tres Seaver a écrit :
> kiorky wrote:
> I would say that having a package author *not* upload the distributions
> is their right, but I would likely avoid using such a package,
That depend, people can not upload their packages because previous bad
experience, for false generated sdist for example.
> just on that basis. Note that I build per-project mirrors of the pacakges I use
> anyway, in part not to depend on either PyPI
You depend on them anyway in first place anyway, at the first installation, even
in dev or pre-production modes. And having problems at those stages have maybe
less drawbacks but you are nevertheless blocked. Having a single archive which
supports mirrors "officially" would just be safer than a single archived not
officially mirrored with thirdparty satellite mirrors which can be randomly down.
And having Personal/Corporate PyPi/eggs mirrors are beyond the scope, here, i
think. It's just an additional and mandatory security policy to deploy projects
> or other download sources
> for supporting apps in production: I just prefer to use only
> freely-distributable software.
As, i think, mostly of us including me. And 99,9% softwares registered on Pypi.
So, comes my idea that we would have just to get the source distributions where
they are no matter how they would have been generated and mirror them as-is on
Pypi which could be the only thing to mirror (and i don't say here that
mirroring pypi is synomym of easy, Lennart) to get a bit safer.
In a nowodays projet, i get often errors with thirdparty mirrors. It may be just
bad chance, but i got problems.
GPG Key FingerPrint: 0x1A1194B7681112AF
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the Distutils-SIG