[Distutils] self.introduce(distutils-sig)

Donald Stufft donald at stufft.io
Wed Mar 20 19:29:32 CET 2013

On Mar 20, 2013, at 12:45 PM, Paul Moore <p.f.moore at gmail.com> wrote:

> On 20 March 2013 16:31, Nick Coghlan <ncoghlan at gmail.com> wrote:
>> Then the pip developers, for example, could say "we trust Christoph to
>> make our Windows installers", and grant him repackager access so he
>> could upload the binaries for secure redistribution from PyPI rather
>> than needing to host them himself.
> Another axis of the same idea would be to allow people to upload
> "unofficial" binaries. The individual would not need to be confirmed
> as trusted by the project, but his uploads would *not* be visible by
> default on PyPI. Users would be able to "opt in" to builds by that
> individual, and if they did, those builds would be merged in with
> what's on PyPI.
> That model is much closer to how Christoph is actually working at the
> moment - people can choose whether to trust him, but if they do they
> can get his builds and the upstream projects don't get involved.
> Paul
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> http://mail.python.org/mailman/listinfo/distutils-sig

Why can't unofficial binaries just use a separate index? e.g. Christoph can just make an index with his binaries.

This solution also works well if someone wants to maintain a curated PyPI.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130320/3cad8bea/attachment.pgp>

More information about the Distutils-SIG mailing list