On 25 Jul 2014 17:46, "Chris Withers" <ch...@simplistix.co.uk> wrote: > > On 24/07/2014 17:44, Daniel Holth wrote: >> >> Also, reject uploads that are not released under a DFSG license > > > What's a DFSG license> > >> or lack >> man pages. > > > Are you serious?
I took it as a sarcastic comment cryptically expressing disagreement with the notion of accommodating reasonable requests from redistributors by positing a slippery slope argument where we start asking upstream to enforce evermore of our policy guidelines to make our lives easier, even when those changes aren't of any benefit to *arbitrary* redistributors (let alone folks doing their own system integration). With a Linux vendor employee responsible for approving the packaging metadata PEPs, I think it's a reasonable concern (although it could have been better expressed). However, while access to a source tarball (or the ability to create one) is indeed a gating criterion for entry to downstream build systems, I don't think *mandating* source package upload to PyPI is a necessary part of the answer. We can nudge people in that direction, and make uploading source in addition to binaries the path of least resistance, but I don't think we need to cross the line into enforcement. Packages without readily available source uploads just won't be redistributed (except in cases like OpenStack where we get the original source from somewhere else). Cheers, Nick. > > Chris > >> >> On Jul 24, 2014 11:57 AM, "Donald Stufft" <don...@stufft.io >> <mailto:don...@stufft.io>> wrote: >> >> On July 24, 2014 at 7:28:55 AM, Richard Jones >> (r1chardj0...@gmail.com <mailto:r1chardj0...@gmail.com>) wrote: >>> >>> Several great ideas came out of today's meetup. Some of those I'll >>> leave to the proponents themselves to post about, but a couple of >>> little nuggets for thought: >>> >>> 1. reject wheel uploads in the absence of an sdist in the index >>> (the linux guys were really happy about that as a proposal ;) >> >> >> This is gonna make openstack sad I think… They were relying on the >> fact that pip prior to 1.4 didn’t install Wheels, and pip 1.4+ has >> the pre-releases are excluded by default logic to publish >> pre-releases safely to PyPI. >> >> I’m not generally opposed though. Just stating that this will >> prevent that “trick” from working. >> >>> >>> 2. add a system-wide configuration option to pip etc. so that >>> there could be a system-wide override of the package index to use >> >> >> Yea this was already on my list of things to do when I refactor the >> configuration stuff to use locations which are more in line with >> what the OS norms are (XDG on *nix, ~/Library on OSX, %AppData% >> stuff on Windows). >> >> -- >> Donald Stufft >> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 >> 3372 DCFA >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG@python.org >> <mailto:Distutils-SIG@python.org> >> https://mail.python.org/mailman/listinfo/distutils-sig >> >> >> ______________________________________________________________________ >> This email has been scanned by the Symantec Email Security.cloud service. >> For more information please visit http://www.symanteccloud.com >> ______________________________________________________________________ >> >> >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG@python.org >> https://mail.python.org/mailman/listinfo/distutils-sig >> > > -- > Simplistix - Content Management, Batch Processing & Python Consulting > - http://www.simplistix.co.uk > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > https://mail.python.org/mailman/listinfo/distutils-sig
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig