On 2014-09-30 11:06:40 +0200 (+0200), M.-A. Lemburg wrote:
[...]
> You're regularly bringing up this argument.
> 
> Let's just be fair here: external hosting of packages has been
> made so user unfriendly in recent pip releases, that this has
> pretty much become a non-option for anyone who wants to create a
> user friendly package installation environment.
[...]

And I'm seeing this argument regularly brought up as well. As a
heavy user of Python packages and someone who maintains very large
systems depending on them, I had a hard time trusting pip back when
it still would spontaneously grab software from wherever the
upstream author had decided to stick it that day (with whatever
hosting stability issues that implied). Our projects would regularly
audit our hundreds of requirements just to make sure nobody
*accidentally* added one which was hosted off PyPI, and that our
dependencies hadn't suddenly decided to start sticking new releases
off PyPI.

The suggestion that some developers want to control their release
process *so* tightly that they host their software in random places
without uploading them to the community package system or quietly
replace broken releases with new packages using the same version
numbers is a non-argument as far as I'm concerned. The software
authors I've talked to in these cases are pretty much always easily
convinced that those are troublesome behaviors (once it's pointed
out) and readily adjust their release processes to a more
user-friendly end result.

If there are a few who are so completely insistent on continuing in
this manner the projects I work on will not use them (for our own
sanity), and if pip and PyPI implement assurances against these
which have a side effect of driving *those particular* development
teams off of the community packaging channel then that can only be a
positive net effect in my opinion.
-- 
Jeremy Stanley
_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Reply via email to