[Distutils] draft PEP: manylinux1
Nick Coghlan
ncoghlan at gmail.com
Fri Jan 22 05:42:59 EST 2016
On 22 January 2016 at 19:33, M.-A. Lemburg <mal at egenix.com> wrote:
> For example, if a package needs a specific version of libpng,
> the package author can document this and the user can then make
> sure to install that particular version.
The assumption that any given Python user will know how to do this is
not a reasonable assumption in 2016.
If a publisher wants to bundle a particular version of libpng, they
can. If (as is also entirely reasonable) they don't want to assume the
associated responsibilities for responding to CVEs, then they can
stick with source distributions, or target more specific Linux
versions (as previously discussed in the context of Nate Coraor's
Starforge work)
Regards,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Distutils-SIG
mailing list