[Distutils] Immutable Files on PyPI
Barry Warsaw
barry at python.org
Tue Sep 30 18:07:23 CEST 2014
On Sep 30, 2014, at 02:34 PM, Jeremy Stanley wrote:
>I'm becoming less and less convinced it actually *is* a source
>distribution any more. My constant interaction with downstream Linux
>distro packagers shows a growing disinterest in consuming release
>"tarballs" of software, that they would generally prefer to pull
>releases directly from tags in the project's revision control
>systems instead.
This is not a universally held consensus.
We had a discussion about this at the recently concluded Debian conference.
There are folks who only want to use git tags as the consumption point for
Debian packages, but this opinion was not the majority opinion. There's no
guarantee that what you get from a tagged upstream source revision will match
what comes in the sdist tarball. Plus, the greater Debian ecosystem is firmly
camped in the tarball world, so even if you do checkout from a tag, you still
have to build a tarball for uploads, *and* you have to do it in a binary exact
copy reproducible way.
Thus, in the Debian Python team our policy is that if upstream produces
tarballs (as is the case for the vast majority of our packages, which are
sourced from PyPI), then we want the Debian package to use tarballs. There
can be exceptions to the rule, but still today they are exceptions.
I don't think the tarball format is dead yet.
Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140930/c8cf1095/attachment.sig>
More information about the Distutils-SIG
mailing list