On Sun, Oct 15, 2017 at 7:57 AM, Marko Rauhamaa <ma...@pacujo.net> wrote: > Chris Angelico <ros...@gmail.com>: > >> On Sun, Oct 15, 2017 at 5:20 AM, Marko Rauhamaa <ma...@pacujo.net> wrote: >>> Even better: >>> >>> sudo dnf install python3-pytz >> >> How is that better? It's the same thing, packaged differently, and >> thus only available on Red Hat-family systems, and depends on the >> update cycle of your OS. > > Use the native updater your distro. > > Several nice things follow from the OS packaging: > > * You don't have to have *two* separate security update/bug fix > streams. Once you've added pytz to your OS package collection, you'll > get updates with the routine OS updates. > > * You have the benefit of a major outside entity vetting your packages. > PyPI doesn't have any such oversight: <URL: https://arstechnica.com/in > formation-technology/2017/09/devs-unknowingly-use-malicious-modules-pu > t-into-official-python-repository/>. > > (Of course, one shouldn't overestimate the security of > volunteer-maintained distros, either, but PyPI allows anybody to > submit any junk they want.) > > * If you want to release your software to others, your third-party > dependency statement becomes more concise and possible more > acceptable to your customer. Also, you don't have to ship the > third-party package yourself. > > Your customer likely knows how to update native distro packages, but > may not be familiar with Python and its ecosystem. Depending only on > the distro relieves you from educating your customer about PyPI.
* You get into the habit of posting distro-specific (not just OS-specific) commands to global mailing lists. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
