Arun Isaac (2016-10-12 11:46 +0530) wrote:
> When packaging python packages, why are we using the source tarballs
> hosted on PyPI, rather than using the source tarballs hosted on the
> websites of the individual projects?
> For example, for the package python-pycrypto, why are we using the
> tarball from PyPI
> instead of the tarball from the pycrypto project website
> https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz ?
> Using the PyPI tarball seems to make Guix dependent on another package
> repository -- namely, PyPI. That seems to me a bad thing.
> I have packaged a few python packages using the tarballs from their
> respective project websites. Should I change them to use the PyPI
> tarballs before contributing the package definitions to Guix? Which
> tarball should I prefer?
As for me, I always prefer tarballs directly from the upstream. So I
wouldn't change those packages to use PyPi sources.