On Feb 10, 2016, at 10:08 AM, Paul Moore wrote: >But those people will then find that distributing their sources isn't >something that flit covers, so they'll make up their own approach (if it were >me, I'd probably just point people at the project's github account). > >Once people get set up with a workflow that goes like this (build >wheels and point people to github for source) it'll be harder to >encourage them later to switch *back* to a process of uploading >sources to PyPI. > >And that I do think is bad - that we end up pushing people who would >otherwise happily use PyPI for source and binary hosting, to end up >with a solution where they host binaries only on PyPI and make the >source available via another (non-standardised) means.
That worries me a lot. Think of the downstream consumers who aren't end users, e.g. Linux distro developers. Some distros have strict requirements on the availability of the source, reproducibility of builds, and so on, along with stacks of tooling that are built on downloading tarballs from PyPI. It's not impossible to migrate to something else, but it's impractical to migrate to dozens of something elses. Right now, if we can count on PyPI having the source in an easily consumable lowest common denominator format, the friction of providing those packages to *our* end users, and updating them in a timely manner, is often minimal. Changing that ecosystem upstream of us, either deliberately or otherwise, will likely result in more out of date packages in the distros. Cheers, -Barry
pgpI7uxU9PrYr.pgp
Description: OpenPGP digital signature
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
