[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

[Kevin Teague]

> Previously in this thread, there have been several plausible
> suggestions for modifying (improving?) zc.buildout to cope with the
> issues you've identified.  Have you relayed these suggestions to the
> zc.buildout developers and administrators?  Do you know for a fact
> that zc.buildout can't be fixed?  If so, perhaps it should be removed
> from PyPI; I certainly wouldn't want to rely on it.
>
>
Didn't Setuptools/easy_install began this policy of following the
download_url from PyPI's early days when it wasn't even possible to upload
to PyPI (or at least during the transition when a majority of packages only
provided download_urls). easy_install has been repeatedly critiqued for this
behaviour.

Can anyone say why pip and buildout follow this policy? Has there been any
thought to changing the install tools themselves?

I know that relying on PyPI doesn't give 100% repeatability, but it does
tend much more towards repeatability than following download_urls. I know
I'd much rather prefer that these tools require a flag to use this
behaviour, since many initially assume that these tools only download from
an index and find it quite unexpected that they'll follow links to other
servers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20100617/d9a32755/attachment.html>