[Distutils] Outdated packages on pypi

Nick Coghlan ncoghlan at gmail.com
Tue Jul 19 02:37:45 EDT 2016


On 18 July 2016 at 02:56, Wes Turner <wes.turner at gmail.com> wrote:
> If you have an alternate way to represent a graph with JSON, which is
> indexable as RDF named graph quads and cryptographically signable
> irrespective of data ordering or representation format (RDFa, JSONLD) with
> ld-signatures,
> I'd be interested to hear how said format solves for that problem.

It doesn't, but someone *that isn't PyPI* can still grab the data set,
throw it into a graph database like Neo4j, calculate the cross
references, and then republish the result as a publicly available data
set for the semantic web. That way, the semantic linking won't need to
be limited just to the Python ecosystem, it will be able to span
ecosystems, as happens with cases like npm build dependencies (where
node-gyp is the de facto C extension build toolchain for Node.js, and
that's written in Python, so NPM dependency analysis needs to be able
to cross the gap into the Python packaging world) and with frontend
asset pipelines in Python (where applications often want to bring in
additional JavaScript dependencies via npm rather than vendoring
them).

Given that we already have services like libraries.io and
release-monitoring.org for ecosystem independent tracking of upstream
releases, they're more appropriate projects to target for the addition
of semantic linking support to project metadata, as having one or two
public semantic linking projects like that for the entirety of the
open source ecosystem would make a lot more sense than each language
community creating their own independent solutions that would still
need to be stitched together later.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

