Martijn Faassen <[email protected]> writes:

> I don't work in a vacuum. I share code with others. This code has
> dependencies on other code. So how do people obtain this other code?

By depending on other code, you have a choice to make: you either take the maintenance burden on yourself, or you delegate the maintenance burden (usually to the developers of that code).

By delegating the maintenance burden of that code elsewhere, that entails delegating the responsibility for future availability of that code.

> PyPI I thought was among other things a central place where people can
> download and install packages from so that they can resolve
> dependencies, but you seem to be arguing against doing that.

I find it strange that I'm defending PyPI in this instance, since I am quite sympathetic to complaints that it has poor policies on package availability and many other complaints.

But you seem to expect that PyPI must guarantee that any package version ever available will be available forever. That's not reasonable, I think.

Instead, you need to choose packages considering whether you trust the package to remain available, which is a social issue between you and the people developing that work.

If you think there is a significant risk the people responsible for that package will remove a version on which you depend from PyPI, you should engage in dialogue with those people to resolve that.

I don't think PyPI has any business requiring package developers to keep a version available at PyPI beyond when they want it available there. The risks inherent in that need to be addressed as a social issue, not a technical limitation.

> At most it's some kind of showcase for packages that people should
> take into their consideration. Taking this point to the extreme, it's
> *never* something that you can automate downloading from.

There are points that can be made toward that view; but I don't find this specific case (wanting guaranteed availability of every version forever at PyPI) supports it.

> Instead you should be giving a giant tarball of packages to everybody,
> always, if they use your code at all.

This is indeed a terrible option, and I lament it whenever I see it.

I prefer supporting the efforts of those who *do* provide reasonable guarantees of package selection and availability and integration testing. We call them “operating system distributions”.

-- 
 \     “In general my children refuse to eat anything that hasn't |
  `\                      danced on television.” —Erma Bombeck |
_o__)                                                           |
Ben Finney

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
