p.f.moore at gmail.com
Wed Mar 20 17:45:13 CET 2013
On 20 March 2013 16:31, Nick Coghlan <ncoghlan at gmail.com> wrote:
> Then the pip developers, for example, could say "we trust Christoph to
> make our Windows installers", and grant him repackager access so he
> could upload the binaries for secure redistribution from PyPI rather
> than needing to host them himself.
Another axis of the same idea would be to allow people to upload
"unofficial" binaries. The individual would not need to be confirmed
as trusted by the project, but his uploads would *not* be visible by
default on PyPI. Users would be able to "opt in" to builds by that
individual, and if they did, those builds would be merged in with
what's on PyPI.
That model is much closer to how Christoph is actually working at the
moment - people can choose whether to trust him, but if they do they
can get his builds and the upstream projects don't get involved.
More information about the Distutils-SIG