Tres Seaver wrote:
> kiorky wrote:
> I would say that having a package author *not* upload the distributions
> is their right, but I would likely avoid using such a package,

That depends, people can not upload their packages because of previous bad experiences, with falsely generated sdists for example.

> just on that basis. Note that I build per-project mirrors of the packages I
> use anyway, in part not to depend on either PyPI

You depend on them anyway in the first place, at the first installation, even in dev or pre-production modes. And having problems at those stages has maybe fewer drawbacks, but you are nevertheless blocked. Having a single archive which supports mirrors "officially" would just be safer than a single archive not officially mirrored, with third-party satellite mirrors which can be randomly down.

And having personal/corporate PyPI/egg mirrors is beyond the scope here, I think. It's just an additional and mandatory security policy to deploy projects nowadays.

> or other download sources
> for supporting apps in production: I just prefer to use only
> freely-distributable software.

As, I think, most of us, including me. And 99.9% of the software registered on PyPI.

So, comes my idea that we would just have to get the source distributions where they are, no matter how they would have been generated, and mirror them as-is on PyPI, which could be the only thing to mirror (and I don't say here that mirroring PyPI is a synonym of easy, Lennart) to get a bit safer. In a present-day project, I often get errors with third-party mirrors. It may just be bad luck, but I got problems.

> Tres.

--
Regards,
KiOrKY
GPG Key FingerPrint: 0x1A1194B7681112AF
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig