Arun Isaac (2016-10-12 11:46 +0530) wrote: > When packaging python packages, why are we using the source tarballs > hosted on PyPI, rather than using the source tarballs hosted on the > websites of the individual projects? > > For example, for the package python-pycrypto, why are we using the > tarball from PyPI > https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz > instead of the tarball from the pycrypto project website > https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz ? > > Using the PyPI tarball seems to make Guix dependent on another package > repository -- namely, PyPI. That seems to me a bad thing. > > I have packaged a few python packages using the tarballs from their > respective project websites. Should I change them to use the PyPI > tarballs before contributing the package definitions to Guix? Which > tarball should I prefer?
As for me, I always prefer tarballs directly from the upstream. So I wouldn't change those packages to use PyPi sources. -- Alex
