-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Ramm wrote: > This would also impact projects like turbogears (perhaps we're the > only one, I don't know) that point to our own pypi compatable index > with the download URL.
Your *index* is the download URL, or the tarball in the index? > We do this because then we can fix things > like packages with no windows eggs, packages that are broken on PyPi > or whatever. And to help control which versions of which packages > get installed by settuptools/distribute when you easy_install tg. > > I'm fine with putting sdists up on pypi, but still want people to be > downloading files from our controlled index by default where possible. Exactly. Anybody who says "repeatable deployment" and "install from PyPI" in the same breath is fooling themselves already. - - People rename projects on PyPI. - - People remove distributions from PyPI. - - People *replace* distributions on PyPI. All of which make it impossible to reliably and repeatably deploy arbitrary software configurations (directly) from PyPI. Managing your own project-specific index is the only real solution. Gonna-shoot-the-next-programmer-who-tells-me-don't-make-me-think'ly Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [email protected] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkwaOFQACgkQ+gerLs4ltQ7m4gCeMm5iCTBsZnLIFAY92ivjSs+f uXcAn0NCff1qBu2HscoJzmfB/kQ7v7sA =d2HM -----END PGP SIGNATURE----- _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
