[Distutils] Python people want CPAN and how the latter came about

Laura Creighton lac at openend.se
Sat Dec 26 13:15:14 CET 2009

In a message of Sat, 26 Dec 2009 13:03:32 +0900, David Cournapeau writes:
>I guess you meant upload. The reasons I see for making some things, in
>particular upload mandatory are as follows:
> - file upload makes pure rsync-based mirroring. In the case of CRAN,
>you mirror with one rsync command. No need for fancy scheme, new
>packages, etc...
> - lack of tarballs/installers means that when you use an installer,
>for example easy_install, it has to find it in another way. This way
>is based on scraping: the website may be dead, not available anymore,
>etc... In that case, installation fails. Different websites may also
>have different limitations (think about corporate networks).

This, of course, is one reason why some people want to do exactly
this.  Right now I don't know any way to say 'under no circumstances,
ever, let easy_install near my code because it will do very bad things
to it'.

> - more generally, if there is an information missing on Pypi, be it
>in the form of metadata, data, etc..., it means it will have to be
>inferred back. Making upload  easier seems a very weak argument to
>justify this.

Ah, this isn't the argument about laziness and easy of use.  This is
the argument about control.
>> Many commercial organisations have a policy that they, and only they
>> host their own code.  And they will not be willing to change this policy
>> even if you convice them that it is in their interest to Open Source
>> some of it, or perhaps the python bindings to some of it.  How do we
>> want to interoperate with these people and their code?
>I did not know it was even "allowed" to register non open source code
>in Pypi.  That's the first time I see the argument given (and the
>first time a real argument is given). Is this a major requirement ?

It's not about non-open source code.  It's about code that is open
sourced, but still copyright the company that made it.  The company
may have strict rules about where it hosts its code, for reasons of
guarding its reputation, protection from lawsuits, and the like.  This
doesn't stop somebody else from taking their code and then uploading it
to pypi, of course, but that's not what the corporate mandate says.

And, with pypi adding more features, and starting to branch into
customer support, and bug tracking, and  a rating system and the
whole social networking bit ... there is more and more reasons for
companies to decide that the burden of being part of the 'pypi
whole experience' doesn't justify making the upload.

I liked things a whole lot better when pypi was about being a package
index, and _only_ about being a package index, and where those people
who had ideas about improving the user experience were free to go out
there and write their own programs to do the same, but where none of
these has any sort of 'official recognition' and where, of course,
others who didn't want that sort of experience were free to
ignore the whole thing.



More information about the Distutils-SIG mailing list