Andreas Jung <[email protected]> wrote:
> Honestly I am truly pissed off by the arrogance and ignorance of package
> maintainers coming with the very same arguments every time for *not
> hosting* at least copies on PyPI. So my clear message is: if you don't
> care about the professional developers and theirs by not hosting
> packages on PyPI then please stay away...

While you were busy listing your demands, in the last 24 hours three major international banks have successfully downloaded the cdecimal package.

My target audience is well aware of best practices. In fact, I provide greater security than PyPI by publishing sha256sums on the announce list when a package is released.

What you call "professional development" is just a euphemism for convenience coupled with a false sense of security. No one can guarantee sanity for each of the 18000+ packages. Downloading is not the bottleneck, briefly auditing and making sure that a package actually installs is.

Python 3 compatibility is another *real* issue, so perhaps you might want to upgrade your own packages.

Stefan Krah

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
