[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI
Christian Zagrodnick
cz at gocept.com
Thu Jun 17 08:11:19 CEST 2010
On 2010-06-17 06:22:32 +0200, Andreas Jung <lists at zopyx.com> said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> I propose a policy change for packages registered with PyPI:
>
> - packages registered on PyPI have at least one release
>
> - one release of registered package on PyPI _must_ contain
> a valid source code distribution (sdist)
>
> - packages registered on PyPI without releases or without
> source code release are subject to be removed after N days
> after the day of registration
>
> Why?
>
> Any package registered on PyPI is possibly crucial to any kind of
> development and deployment.
>
> Packages hosted on external servers (referenced through a download_url)
> are subject to come and go - packages once released should be available
> at any time from a well-known location (PyPI). Dependencies on the
> availability of external downloads servers other than PyPI are hardly
> acceptable for real-world development and deployments.
I second that. External download URLs are really a pain.
I don't think that removing packages that way would really solve the
problem. I think the core is:
* Require the package to have a source dist *on* PyPI
* Forbid removing any source package.
[...]
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...=
> ).
ack.
--
Christian Zagrodnick · cz at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development
More information about the Catalog-SIG
mailing list