[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

[Ian Bicking]

On Thu, Jun 17, 2010 at 3:18 PM, Kevin Teague <kevin at bud.ca> wrote:

>
> Previously in this thread, there have been several plausible
>> suggestions for modifying (improving?) zc.buildout to cope with the
>> issues you've identified.  Have you relayed these suggestions to the
>> zc.buildout developers and administrators?  Do you know for a fact
>> that zc.buildout can't be fixed?  If so, perhaps it should be removed
>> from PyPI; I certainly wouldn't want to rely on it.
>>
>>
> Didn't Setuptools/easy_install began this policy of following the
> download_url from PyPI's early days when it wasn't even possible to upload
> to PyPI (or at least during the transition when a majority of packages only
> provided download_urls). easy_install has been repeatedly critiqued for this
> behaviour.
>
> Can anyone say why pip and buildout follow this policy? Has there been any
> thought to changing the install tools themselves?
>

To the degree people have tested their installation procedures, they've
usually tested that it works with easy_install.  easy_install in turn was
written to install stuff when there was some sane way to figure out what to
install.  So the tools are largely reactive.

Putting in a hard warning (e.g., one that requires hitting enter) might be
okay for some class of problematic behavior.  Deeper searching of links
could be handled this way, though for now we'd have to actually look in
those pages and only warn if something was found... so there'd be many of
the same problems but at least a path to removing the behavior completely.

-- 
Ian Bicking  |  http://blog.ianbicking.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20100617/ecabbfef/attachment.html>