> 1/ Missing packages (eg: Twisted is not there); which is why
> easy_install/pip had to resolve to scrapping project webpages for
> guessing download links. In CPAN, almost all module authors upload their
> sources via PAUSE.

How do you propose to change that? I think it should be the choice
of the package authors whether they upload their software to the
central repository, or to their own home page.

> 2/ No metadata: When only source tarballs are stored
> [pypi.python.org/packages/source/P/Pylons/], what is the reliable way to
> a) get the source for latest version,

Extract a version number from each file name, and sort the versions,
then use the largest (which is 0.9.7 at the moment).

> b) get the source for a particular version?

Put the version number into the file name, and access the resulting
file.

> The former is more of a community issue. Often Python package authors
> are not using `sdist upload` (whereas this seems to be the convention in
> the Perl world).

My guess is that this is enforced by the tools. If they don't upload
to PAUSE, CPAN.pm won't be able to download it.

Now, you are free to build a tool that enforces the same restriction.
I would doubt that people would use it, since it couldn't install
many packages.

> What this means is that PyPI has to serve the purpose of being a central
> package repository (like CPAN) by a) disallowing mere listings (without
> sources) and requiring sources to be stored in the server, b) storing
> the metadata along with the sources (so anyone processing it wouldn't
> have to extract the source and rely on a PKG-INFO file - which may or
> may not exist).

If you want to retrieve the metadata for a specific version without
XML-RPC, you can access

http://pypi.python.org/pypi?:action=doap&name=Pylons&version=0.9.7

Regards,
Martin
_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig

Reply via email to