[Distutils] Immutable Files on PyPI

M.-A. Lemburg mal at egenix.com
Mon Sep 29 11:04:17 CEST 2014 

On 29.09.2014 00:51, Nick Coghlan wrote:
> On 29 Sep 2014 07:37, "M.-A. Lemburg" <mal at egenix.com> wrote:
>>
>> -1.
>>
>> It does happen that files need to be reuploaded because of a bug
>> in the release process and how people manage their code is really
>> *their* business, not that of PyPI.
>>
>> FWIW, I am getting increasingly annoyed how PyPI and pip try to dictate
>> the way package authors are supposed to build, manage and host their
>> Python packages and release process. Can we please stop this ?
> 
> As others have noted, these changes represent the PyPA being opinionated on
> behalf of the user community, to provide the best possible user experience
> for the overall Python ecosystem.

See my reply to Donald. I find this wrong on several different levels.

PyPI is run by the PSF, it's a community resource we provide for
package authors and downloaders. We (the PSF) don't take sides.
Instead, we want to help everyone feel at home: the package authors who
provide the Python eco system with fresh software, as well as the
users who greatly benefit from this software.

The PyPA takes care of the technical aspects of this, but not
the ethical and community building aspects.

> We'll accommodate the existing publisher community as far as is feasible
> (that's why PEP 440 is as complicated as it is, for example), but there are
> going to be times where improving the end user experience means adding new
> constraints on publishers.
> 
> External hosting (using PyPI as an index, without also using it for release
> file hosting) is the primary "escape clause" for software publishers that
> prefer to do things differently from the way PyPI does them. That's a user
> experience we'll also continue to work to improve, to ensure it is clear
> that it's a fully supported part of the distribution model.

Right, so authors will move away from PyPI and put their stuff
up elsewhere. Now, how does this help our community ?

What if people find that they can only get packages using
conda instead of pip, or only by cloning from github, because
package authors don't want to bother cutting distribution
files anymore ?

Do you seriously want to force package authors to cut a new release
just because a single uploaded distribution file is broken for
some reason and then ask all users who have already installed one
of the non-broken ones to upgrade again, even though they are not
affected ?

Please repeat with me: Package authors care for their users :-)

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 29 2014)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2014-09-30: Python Meeting Duesseldorf ...                      tomorrow

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the Distutils-SIG mailing list