Hi.
This is my first time using an email mailing list so please inform me if this
is not the proper channel. I'm packaging a python application which depends on
LXML. As you're all aware, installing this library on Windows is not the most
straightforward thing due to its laughable lack of pre-installed build tools.
This can be circumvented in several ways which are well documented by LXML,
however, as noted in the website, asking end users to install these tools to
build it from source is usually not feasible. While researching this issue I
learned the [UCI website](https://www.lfd.uci.edu/~gohlke/pythonlibs/#lxml)
maintains Windows specific wheels which allow automating the process of
installing them through PIP.
Having these wheel files is great because it completely lifts the burden of
fetching and building the dependencies from the user, they can be integrated
with the default pyproject.toml format and are installed automatically as any
other dependency. However, due to PyPI's stupid requirement of not allowing
direct links as stated dependencies, I cannot publish my package there using
this method, as the UCI website is not a trusted a source. I was wondering if
there was some way you could publish these Windows specific wheels on PyPI so
it's easier for other PyPI projects which depend on this library to package for
Windows. This also seems beneficial from a security perspective, since many
people end up relying on an external source for precompiled binaries which are
not necessarily trustworthy. I can't speculate, but there are several
StackOverflow answers with hundreds of thousands of views which point to that
website as the most reliable way of installing LXML on Windows, and should
anyone upload malicious code there, it could be a problem.
Thanks,
Gwyn
_______________________________________________
lxml - The Python XML Toolkit mailing list -- lxml@python.org
To unsubscribe send an email to lxml-le...@python.org
https://mail.python.org/mailman3/lists/lxml.python.org/
Member address: arch...@mail-archive.com
