On 13.05.2014 13:46, Donald Stufft wrote: > > On May 13, 2014, at 7:16 AM, Stefan Krah <stefan-use...@bytereef.org> wrote: > >> FreeBSD ports have been using the download-from-many-but-verify strategy >> for a long time. I don't see why users should find this surprising. > > The difference is in expectations which is a function of what the “normal” is. > > For FreeBSD ports it is normal for those ports to use the > download-from-many-but-verify > strategy. That is the primary mode of operation and for anyone using FreeBSD > you know > that going into it. > > However for PyPI it is normal for projects to be hosted on PyPI and the > projects which > are not hosted on PyPI are the outliers which break user expectations.
I don't think that users generally have such expectations. They just want to run their favorite installer using "myinstaller install package" and get the package installed - the same expectation they have on Linux distributions, on FreeBSD and other systems with installation managers. For most people, it is not important where the installers get their packages from. They trust the installers to do the right thing. So from that perspective, we as Python developers need to make sure that users can trust the installers and infrastructure used by these (module some definition of trust). And with Python developers I'm not only talking about PyPI and installer developers. I'm talking about all Python package developers as well. This is a discussions that needs to be had between more people than just the few people participating in this thread, since it affects far more people and the whole Python eco system. Taking a step back: PyPI is still mainly the Python registry for mapping package names to URLs and descriptions. Hosting of distribution files and (less so) documentation has become an important extra feature (and is now, after all the hard work you put into it, finally in a usable state), but it's not the core of what PyPI, the Python Package Index, is all about. What the team PyPI + installer should thus address is to satisfy the user trust is to provide a safe way to get packages installed. This does not out-rule packages that have to be downloaded from other indexes or URLs. PyPI and the installers should make it easy for the users to install all packages in Python Land, not only the ones hosted on PyPI. In that context, I find the language being used in these discussions referring to "internal" and "external" packages somewhat misleading. Such a distinction is not needed, since packages hosted on PyPI are in no way better, or of higher value, than packages hosted elsewhere. In other systems, PyPI hosting would just be called a repository, one of many which can be used to download packages from. And it's not uncommon at all to have projects use their own repositories for their packages on such systems. > Further more, far more of the installs on PyPI come from linux than come from > FreeBSD > and it stands to reason that we can infer that at least some significant > portion of those > users are incredibly more familiar with Linux systems than FreeBSD. For Linux > distros > it is much more common for them to use a dedicate repository model where > packages > are downloaded from specific locations instead of from wherever the packages > might be > originally hosted at. This further strengthens the idea that a user is > expecting PyPI to > act as a repository and not an index. > > You can see some stats I compiled a few months ago based on PyPI’s logs here > https://gist.github.com/dstufft/8455306#downloads-by-operating-system. I don't understand what OS choices have to do with this discussion. Users of apt-get, rpm or FreeBSD's ports are usually not bothered with having to edit config files for their installers to find packages. I think that's the main point here. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, May 14 2014) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig