On May 13, 2014, at 7:16 AM, Stefan Krah <stefan-use...@bytereef.org> wrote:
> FreeBSD ports have been using the download-from-many-but-verify strategy > for a long time. I don't see why users should find this surprising. The difference is in expectations which is a function of what the “normal” is. For FreeBSD ports it is normal for those ports to use the download-from-many-but-verify strategy. That is the primary mode of operation and for anyone using FreeBSD you know that going into it. However for PyPI it is normal for projects to be hosted on PyPI and the projects which are not hosted on PyPI are the outliers which break user expectations. Further more, far more of the installs on PyPI come from linux than come from FreeBSD and it stands to reason that we can infer that at least some significant portion of those users are incredibly more familiar with Linux systems than FreeBSD. For Linux distros it is much more common for them to use a dedicate repository model where packages are downloaded from specific locations instead of from wherever the packages might be originally hosted at. This further strengthens the idea that a user is expecting PyPI to act as a repository and not an index. You can see some stats I compiled a few months ago based on PyPI’s logs here https://gist.github.com/dstufft/8455306#downloads-by-operating-system. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
