[Distutils] Sooner or later, we're going to have to be more formal about how we name packages.
Nick Coghlan
ncoghlan at gmail.com
Sun Jun 2 09:26:07 CEST 2013
On Sun, Jun 2, 2013 at 5:10 PM, holger krekel <holger at merlinux.eu> wrote:
> If pypi has no idea about namespaces (like i considered them in my other post)
> then using namespaces do not really provide much. Someone can still come along
> and publish within that pseudo-namespace. I would think the goal of
> pypi-namespaces would be to give a group control over anything that's
> released using it, allowing to communicate install-users certain guarantees.
>
> However, before further discussion i think there first needs to be more
> reasoning and stating of practical problems with the current
> anyone-can-register-anything-that's-not-taken model.
TUF actually has native support for prefix delegation, but actually
*using* that is a long way down the todo list at the moment. Static
dependency metadata publication and end-to-end signature support are
well ahead of it and will likely keep us collectively busy for a while
yet.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Distutils-SIG
mailing list