On Mar 20, 2013, at 12:45 PM, Paul Moore <[email protected]> wrote:
> On 20 March 2013 16:31, Nick Coghlan <[email protected]> wrote: >> Then the pip developers, for example, could say "we trust Christoph to >> make our Windows installers", and grant him repackager access so he >> could upload the binaries for secure redistribution from PyPI rather >> than needing to host them himself. > > Another axis of the same idea would be to allow people to upload > "unofficial" binaries. The individual would not need to be confirmed > as trusted by the project, but his uploads would *not* be visible by > default on PyPI. Users would be able to "opt in" to builds by that > individual, and if they did, those builds would be merged in with > what's on PyPI. > > That model is much closer to how Christoph is actually working at the > moment - people can choose whether to trust him, but if they do they > can get his builds and the upstream projects don't get involved. > > Paul > _______________________________________________ > Distutils-SIG maillist - [email protected] > http://mail.python.org/mailman/listinfo/distutils-sig Why can't unofficial binaries just use a separate index? e.g. Christoph can just make an index with his binaries. This solution also works well if someone wants to maintain a curated PyPI. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
