[Python-Dev] Yearly PyPI breakage

Stefan Krah stefan at bytereef.org
Thu May 5 18:22:01 EDT 2016 

Nick Coghlan <ncoghlan <at> gmail.com> writes:
> I know you're not happy with myself and the other distutils-sig folks
> regarding the decision to deprecate and remove automatic link
> spidering,

More accurately: Not happy with the removal of the checksummed "explicit"
mode. What I would have preferred is a FreeBSD-like ports system. FreeBSD
has been used in huge and secure installations, so the I don't buy the
reliability and security arguments that are used in favor of centralization.
But centralization seems to be a goal in and of itself these days (and
that isn't limited to Python).


> nor with the PSF regarding the current Terms of Service
> around uploads to PyPI, but that doesn't make it OK to start off-topic
> threads on python-dev just because you're a CPython core developer in
> addition to being a PyPI user.

Alexander thought otherwise:

  https://mail.python.org/pipermail/python-dev/2015-October/141840.html

"Given that ensurepip is part of stdlib, I am not sure this is an accurate
statement.  Even if it was, did you make any effort to discuss the proposal
outside of a small group subscribed to distutils ML?"

I completely agree with that.


Fredrik Lundh is also affected (and might not have received any mail,
same as me):

  https://pypi.python.org/pypi/PIL


> It *definitely* doesn't make it OK to accuse people of conspiring
> against you when they answer your question in good faith, just because
> their answer is the official distutils-sig/PyPA one (which was
> approved through the PEP process in PEP 470).

I'm not sure what you are referring to. Donald posted a link to PEP 470,
in my response to Nathaniel I acknowledged this. In my exchange with
Łukasz we both came to the conclusion (I think) that further discussion
would be futile.  IMO all responses from Brett, Donald, Nathaniel and
Łukasz were reasonable and I haven't accused them of conspiring in the
slightest.  I see that the PEP was accepted by Paul Moore.  I couldn't
even dream of accusing Paul Moore of any kind of conspiracy.  He's one
of the most reasonable (and *genuinely* polite) people on these mailing
lists.


Or are you referring to a super-condescending flame bait where someone
cloned a private website, assumed general ignorance and then proceeded
to offer a hostile fork to anyone who would be interested?

Well, I accepted the flame bait.


> - writing to psf-legal to let them know whether or not Van Lindberg's
> draft updates to the Terms of Service would be sufficient to make you
> comfortable with uploading cdecimal to PyPI in addition to bundling it
> with the standard library under your existing Contributor Licensing
> Agreement: https://bitbucket.org/vanl/pypi/src/default/templates

Okay, so there was recent progress here. This is actual news to me.

Do you remember what kind of derision I went through for just suggesting
something like that a couple of years ago?  Yes, you supported me, but
what about the others?  Or that Van Lindberg was in the merry group of
Twitter heroes who were gloating about the fact that (in their opinion)
I could not do anything about the first hostile fork?  Technically, he
didn't gloat, but suddenly legal advice was apparently readily available.

  https://pypi.python.org/pypi/m3-cdecimal


I can assure you that CoCs or "diversity statements" won't help you at all.


Stefan Krah

More information about the Python-Dev mailing list