Hi there,

I propose a policy change for packages registered with PyPI:

- packages registered on PyPI have at least one release
- one release of a registered package on PyPI _must_ contain a valid source code distribution (sdist)
- packages registered on PyPI without releases or without a source code release are subject to be removed after N days after the day of registration

Why?

Any package registered on PyPI is possibly crucial to any kind of development and deployment. Packages hosted on external servers (referenced through a download_url) are subject to come and go - packages once released should be available at any time from a well-known location (PyPI). Dependencies on the availability of external download servers other than PyPI are hardly acceptable for real-world development and deployments.

As an example: the Plone CMS buildouts depend on python-openid. This package is registered with PyPI

http://pypi.python.org/pypi/python-openid

but refers to

http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz

For whatever reason the download URL is no longer working. In fact: openidenabled.com now points to http://www.janrain.com.

Other reasons for disappearing packages in the past:

- network or server outages of external servers
- users changed their organization and the organization removed content of their former employees

PyPI is a valuable and crucial resource for Python development. It must be kept up-to-date and consistent. I don't care about the arguments that were made in the past against stronger rules ("openness" etc.). There are a lot of Python programmers around that are not Python geeks as most of us are and they just become pissed off when packages come and go or are not in the place where one would expect them. PyPI is a community resource - but community does not mean anarchy where everyone should be able to upload their package crap without looking left and right and having the community and its needs in mind.

PyPI must become a stable package index. Everything registered with PyPI must be available at any time (mirrors, distributing PyPI in the cloud...).

Andreas

--
ZOPYX Limited           | zopyx group
Charlottenstr. 37/1     | The full-service network for Zope & Plone
D-72070 Tübingen        | Produce & Publish
www.zopyx.com           | www.produce-and-publish.com
------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
