Tristan Seligmann <> writes:

> With my upstream developer hat on: source packages on PyPI are meant for
> end users to install via pip. They often include generated artifacts, and
> don't include things that aren't intended for installation via pip (tests
> being just one of these).
> For distribution packaging purposes, the GitHub tags are generally
> preferrable. GitHub makes archives of tagged releases available as
> tarballs, so this is generally a simple tweak to debian/watch.

I use to have this attitude too. However now I have reconsidered.

Far better to to retrieve source packages from PyPI.

For example, it is possible to have signed uploads to PyPI and have
uuscan automatically check the signature. This is not the case for

packages that use setuptools-scm is another example - as a (over?)
simplification this requires files in the PyPI distribution, although
perhaps that is a topic best left for another discussion.
Brian May <>

Reply via email to