On 6/16/2010 9:22 PM, Andreas Jung wrote:
As an example: the Plone CMS buildouts depend on python-openid.
This package is registered with PyPI
http://pypi.python.org/pypi/python-openid
but references to
http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz
For whatever reason the download URL is no longer working. In fact:
openidenabled.com now points tohttp://www.janrain.com.
This is one of the limitations with z3c.pypimirror that prompted me to
write my own "mirroring" solution. I have a configuration file which
allows me to "override" package metadata for such "crap" data in PyPI.
Things like PyPI entry for a package pointing to an older version of
tarball, no tarball at all or broken link such as the one you mentioned
here.
PyPI is a valuable and crucial resource for Python development.
It must be kept up-to-date and consistent.
I don't care about the arguments that were made in the past against
stronger rules ("openness" etc.).
There are a lot of Python programmers around that are not Python geeks
as most of us are and they just become pissed of when packages come and
go or are not in the place where one would expect them.
PyPI is a community resource - but community does not mean anarchy where
everyone should be able to upload its package crap without looking left
and right and having the community and its needs in mind.
PyPI must become a stable package index. Everything registered with PyPI
must be available at any time (mirrors, distributing PyPI in the cloud...).
BTW, I posted a similar proposal in distutils-sig@ before, and it lead
to nowhere. I have no hope as to this one either. :-/
So much for participating in a community.
-srid
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
