On May 13, 2009, at 12:47 PM, Andreas Jung wrote: > On 13.05.09 18:44, Jim Fulton wrote: >> >> On May 13, 2009, at 12:41 PM, Andreas Jung wrote: >> >>> On 13.05.09 18:38, Jim Fulton wrote: >>>> On May 13, 2009, at 12:04 PM, Tres Seaver wrote: >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Patrick Gerken wrote: >>>>> >>>>> >>>>>> I start being scared of using pypi. >>>>>> >>>> I wonder why. >>>> >>>> >>>>> You should be *very* afraid of depending on PyPI for softare >>>>> rolled >>>>> into >>>>> production. >>>>> >>>> Why do you think he should be afraid? >>> Packages or releases might disappear - intentionally or >>> unintentionally - >>> in both cases a buildout with fixed pinned version may fail. >> >> >> That's a minor issue at this point, because: >> >> - We now know not to remove releases. > > Jup, we know but some package maintainers outside the Zope world > don't. >> >> - If you are using something in production, you should archive the >> necessary >> source releases, using a tool like zc.sourcerelease. > > One option or Tres solution: having a dedicated local index on a per- > project > basis or a local egg server or a (partial) local PyPI mirror.
That's an option. It takes a lot of work. I don't have a problem with people doing that. I just don't like this meme of "fearing" pypi. Jim -- Jim Fulton Zope Corporation _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )