On 1/30/2012 5:27 AM, M.-A. Lemburg wrote:
Donald Stufft wrote:

It puts the integrity of my (proverbial my) software in the hands
of a disparate group of authors who may or may not have the same
stringent testing that I do. Any python application that gets
installed from PyPI is at risk of mysteriously breaking, even with
a "known good" configuration. These bugs are often hard to track
down, and very confusing and difficult to determine why they are
occurring when they never did before.

PyPI uploads get stored with a hash sum, so any such changes can
easily be recognized on the client side, if there's a need.

Or redistribute the exact files themselves, as some apps do with cpython.

--
Terry Jan Reedy
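
The client-side check mentioned in the thread, as an added example that is not part of any message above: a hash recorded when a release file was known good is compared against what is downloaded later, so a file replaced under the same version is detected. The `#sha256=<hex>` link form, the refusal of md5/sha1, the `example.invalid` host and the file names are assumptions of this example; the thread only says "hash sum".

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: only these digests are accepted for pinning; md5/sha1 are refused.
ALLOWED = {"sha256", "sha384", "sha512"}

def parse_pinned_link(url):
    """Split '.../pkg-1.0.tar.gz#sha256=<hex>' into (filename, algo, hex digest)."""
    parts = urlsplit(url)
    algo, sep, digest = parts.fragment.partition("=")
    if not sep or not digest:
        raise ValueError("link carries no hash fragment")
    algo = algo.lower()
    if algo not in ALLOWED:
        raise ValueError("refusing weak or unknown hash: %s" % algo)
    return parts.path.rsplit("/", 1)[-1], algo, digest.lower()

def verify_artifact(data, url):
    """Return True only if the bytes match the digest pinned in the link."""
    _, algo, expected = parse_pinned_link(url)
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected)

def check_lock(lock, downloads):
    """lock: {filename: pinned link}; downloads: {filename: bytes}.
    Returns the sorted names that are missing or no longer match their pin."""
    failed = []
    for name, url in lock.items():
        data = downloads.get(name)
        if data is None or not verify_artifact(data, url):
            failed.append(name)
    return sorted(failed)

# Constructed sample data: bytes standing in for release files, pinned when known good.
GOOD = b"constructed sdist contents, version 1.0"
TAMPERED = b"constructed sdist contents, re-uploaded under the same version"
PINNED = ("https://example.invalid/packages/demo-1.0.tar.gz#sha256="
          + hashlib.sha256(GOOD).hexdigest())

if __name__ == "__main__":
    lock = {"demo-1.0.tar.gz": PINNED}
    print(check_lock(lock, {"demo-1.0.tar.gz": GOOD}))      # unchanged file
    print(check_lock(lock, {"demo-1.0.tar.gz": TAMPERED}))  # replaced file
```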

_______________________________________________
Catalog-SIG mailing list
http://mail.python.org/mailman/listinfo/catalog-sig