On May 13, 2009, at 1:15 PM, Tres Seaver wrote:

> Jim Fulton wrote:
>
>> - We now know not to remove releases.
>
> Not everybody does: I've seen folks *recently* re-upload a changed
> release without bumping the version number; and "we" is a much narrower
> set than the set of all PyPI maintainers.

Well, at some point you have to take into account the skills of the maintainers when considering whether to use a package. I personally haven't been burned by this, so I hardly think this is a cause for "fear".

>> - If you are using something in production, you should archive the
>>   necessary source releases, using a tool like zc.sourcerelease.
>>
>> IOW, you shouldn't do production deployments using a dynamic
>> assembly mechanism.
>
> Which is exactly what I said:
>
>>>> You should be *very* afraid of depending on PyPI for software rolled
>>>> into production.

I don't consider the 2 statements to be the same. I had a feeling that that was what you meant, at least on some level.

I use PyPI when creating source releases. I use source releases (actually binary rpms built from source rpms built from source releases) for deployment.

The impression I think you're giving is that people should avoid PyPI and need to build their own indexes and I just don't agree with that.

Jim

--
Jim Fulton
Zope Corporation
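
Added example, not part of the original message and not code from zc.sourcerelease: one way to notice the case raised in the thread, a release file re-uploaded with changed contents under an unchanged version number, by recording SHA-256 digests of the archived source releases and comparing freshly fetched files against them. The function names, directory layout and package filenames are assumptions made for the illustration; the sample files are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large sdists are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record_archive(archive_dir: Path) -> dict:
    """Build a manifest {filename: sha256} for every archived source release."""
    return {p.name: sha256_of(p) for p in sorted(archive_dir.iterdir()) if p.is_file()}


def check_candidates(manifest: dict, candidate_dir: Path) -> dict:
    """Compare freshly fetched release files against the stored manifest."""
    fetched = record_archive(candidate_dir)
    return {
        # same filename (same name and version), different bytes
        "changed": sorted(n for n in fetched if n in manifest and fetched[n] != manifest[n]),
        "new": sorted(n for n in fetched if n not in manifest),
        # archived earlier, no longer offered (a removed release)
        "missing": sorted(n for n in manifest if n not in fetched),
    }


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        archive, fetched = Path(tmp, "archive"), Path(tmp, "fetched")
        archive.mkdir()
        fetched.mkdir()
        # Constructed sample releases (hypothetical package names).
        (archive / "example.pkg-1.0.tar.gz").write_bytes(b"original 1.0 contents")
        (archive / "other.pkg-2.1.tar.gz").write_bytes(b"other 2.1 contents")
        # Round-trip through JSON, as the manifest would be stored beside the archive.
        manifest = json.loads(json.dumps(record_archive(archive)))
        (fetched / "example.pkg-1.0.tar.gz").write_bytes(b"silently changed 1.0 contents")
        (fetched / "other.pkg-2.1.tar.gz").write_bytes(b"other 2.1 contents")
        (fetched / "third.pkg-0.3.tar.gz").write_bytes(b"first appearance")
        return check_candidates(manifest, fetched)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```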