On 2010-06-17 06:22:32 +0200, Andreas Jung <[email protected]> said:


Hi there,

I propose a policy change for packages registered with PyPI:

 - packages registered on PyPI have at least one release

 - one release of a registered package on PyPI _must_ contain
   a valid source code distribution (sdist)

 - packages registered on PyPI without releases or without
   source code release are subject to be removed after N days
   after the day of registration

Why?

Any package registered on PyPI is possibly crucial to any kind of
development and deployment.

Packages hosted on external servers (referenced through a download_url)
are subject to come and go - packages once released should be available
at any time from a well-known location (PyPI). Dependencies on the
availability of external download servers other than PyPI are hardly
acceptable for real-world development and deployments.

I second that. External download URLs are really a pain.

I don't think that removing packages that way would really solve the problem. I think the core is:

* Require the package to have a source dist *on* PyPI
* Forbid removing any source package.

[...]

PyPI must become a stable package index. Everything registered with PyPI
must be available at any time (mirrors, distributing PyPI in the cloud...).

ack.


--
Christian Zagrodnick · [email protected]
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development


_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
