On July 24, 2014 at 8:23:59 AM, Stefan Krah (ste...@bytereef.org) wrote:
Richard Jones <r1chardj0...@gmail.com> wrote: 
> There still remains the usability issue of unsophisticated users running into 
> external indexes and needing to cope with that in one of a myriad of ways as 
> evidenced by the PEP. One solution proposed and refined at the EuroPython 
> gathering today has PyPI caching packages from external indexes *for packages 
> registered with PyPI*. That is: a requirement of registering your package (and
> external index URL) with PyPI is that you grant PyPI permission to cache
> packages from your index in the central index - a scenario that is ideal for 
> users. 

-1. That is unlikely to solve the draconian-terms-and-conditions problem 
and one reason to host externally is to get your own download statistics. 

The ToS is not draconian, it is a minimal ToS which allows PyPI to function.

If people want/need additional stats we can add them to PyPI. This is on the 
TODO list anyways.




> Organisations not wishing to do that understand that they're the ones 
> causing the pain for users. 

No. First, checksummed external packages could be downloaded without asking 
at all. Second, if international authors are required to study US export law 
before uploading, I wonder who is causing the pain. 

With PEP 470 you are not required to study anything nor upload to PyPI, if you 
wish to host outside of PyPI you simply host an external index, which is as 
simple as a plain html file with links to the downloadable files.



Finally, how can an author cause pain for users? Without him, the work 
would not be there in the first place. 


I’m not quite sure how to answer this. It’s quite obvious that an author’s 
choices can cause pain for a user. For example, the author could have an option 
where if specified it silently deleted the entire filesystem of the user. This 
would be incredibly painful for the end user (assuming they didn’t want that of 
course).

Now a project is owned by the author, so they are allowed to choose to do 
things which cause pain for end users, and end users get to make a choice about 
whether it’s worth using that project even with the pain incurred from the 
author’s choices. The reason we don’t download checksummed external packages by 
default any more is because they *do* represent a choice that causes pain for 
end users and thus users should be aware they are making that choice.


Stefan Krah 


_______________________________________________ 
Distutils-SIG maillist - Distutils-SIG@python.org 
https://mail.python.org/mailman/listinfo/distutils-sig 


-- 
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA