[Distutils] Round 6 - PEP 440 - Version Identification and Dependency Specification Version
Donald Stufft
donald at stufft.io
Mon Aug 11 17:22:45 CEST 2014
> On Aug 11, 2014, at 11:11 AM, Marcus Smith <qwcode at gmail.com> wrote:
>
> > Public index servers SHOULD NOT allow the use of local version identifiers for uploaded distributions.
>
> I'm thinking this should just say "PyPI" and not "Public" broadly.
> The point is for local versions not to confused with the one authoritative upstream version sequence, not that it couldn't be "public".
> I can imagine locally versioned distributions needing to be distributed or available "publicly" (e.g. for a specific platform or system).
> Considering the recommendation to use the "python.integrator" extension, which is generally about "downstream" modification and redistribution, it seems inconsistent to say that this redistribution couldn't be public.
>
We actually have a definition for Public Index Server, It’s ""Public index
servers" are index servers which allow distribution uploads from untrusted third
parties. The Python Package Index [3] is a public index server.”. This is
defined in PEP 426.
But thinking about it, that doesn't particularly match it either, because
something like binstar allows this, but should allow local versions.
---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140811/af9b6216/attachment.html>
More information about the Distutils-SIG
mailing list