-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I retract this proposal and accept the fact that obviously nobody outside the Zope/Plone world is really interested in bringing PyPI forward and putting the freedom to register and upload packages in whatever state to PyPI over the needs of a well-maintained and reliable package index. After almost 20 years I am still under the impression that we are still in the kindergarten.

Deeply frustrated,
Andreas

Andreas Jung wrote:
> Hi there,
>
> I propose a policy change for packages registered with PyPI:
>
> - packages registered on PyPI have at least one release
>
> - one release of a registered package on PyPI _must_ contain
>   a valid source code distribution (sdist)
>
> - packages registered on PyPI without releases or without
>   source code release are subject to be removed after N days
>   after the day of registration
>
> Why?
>
> Any package registered on PyPI is possibly crucial to any kind of
> development and deployment.
>
> Packages hosted on external servers (referenced through a download_url)
> are subject to come and go - packages once released should be available
> at any time from a well-known location (PyPI). Dependencies on the
> availability of external download servers other than PyPI are hardly
> acceptable for real-world development and deployments.
>
> As an example: the Plone CMS buildouts depend on python-openid.
> This package is registered with PyPI
>
> http://pypi.python.org/pypi/python-openid
>
> but references to
>
> http://openidenabled.com/files/python-openid/packages/python-openid-2.2.4.tar.gz
>
> For whatever reason the download URL is no longer working. In fact:
> openidenabled.com now points to http://www.janrain.com.
>
> Other reasons for disappearing packages in the past:
>
> - network or server outages of external servers
> - users changed their organization and the organization removed
>   content of their former employees
>
> PyPI is a valuable and crucial resource for Python development.
> It must be kept up-to-date and consistent.
>
> I don't care about the arguments that were made in the past against
> stronger rules ("openness" etc.).
>
> There are a lot of Python programmers around that are not Python geeks
> as most of us are and they just become pissed off when packages come and
> go or are not in the place where one would expect them.
>
> PyPI is a community resource - but community does not mean anarchy where
> everyone should be able to upload its package crap without looking left
> and right and having the community and its needs in mind.
>
> PyPI must become a stable package index. Everything registered with PyPI
> must be available at any time (mirrors, distributing PyPI in the cloud...).
>
> Andreas
>
- ------------------------------------------------------------------------
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig

- --
ZOPYX Limited           | zopyx group
Charlottenstr. 37/1     | The full-service network for Zope & Plone
D-72070 Tübingen        | Produce & Publish
www.zopyx.com           | www.produce-and-publish.com
- ------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwa7NoACgkQCJIWIbr9KYxOpgCcD6DBM0ThxmShMrOzFQEAJkye
ZVoAoMavJSWWfTg/3ahy1X3bQ5PN7bLk
=7/GJ
-----END PGP SIGNATURE-----