If I might chime in, I am a bit worried about all the automatic installation 
going on in galaxy, and it seems that the trend is to enhance this.
A small R or python script calling into well known libraries that come from 
well known repositories (bioconductor etc…) I can check.
(Of course I install too much stuff from github, bioconductor etc… without 
checking).
> 
> I'm not sure it is comparable to an entire Linux distribution, it's more
> like an Appstore, like pypi, bioconductor or gems, and yes that is

The app stores are checked by Apple or Google for malicious code, the apps are 
sandboxed.
There are many eyes for python, bioconductor packages and gems because many 
more people interact with them directly compared to galaxy-tools.

> Sorry maybe I was misleading. I only want a central storage for
> binaries/tarballs where the source can not be trusted for long term.
> 'long term' and 'trusted' needs to be defined in such a discussion here.
> I do not think we should copy python packages that are stored in pypi.
> We should make it as easy as possible to install them in our repository. If
> you do not trust pypi, we can offer a mirror. Same goes for gems.

Trusted for me means I trust the source not to have dangerous code. I trust pypi
more than some mirror, bioconductor base packages more than some freshly 
published package that few people have used, tools from galaxy core developers 
more than from tool-shed etc…
I know this is not the type of trust you were talking about.

best,
ido