Christopher Barker writes: > So the odds that there's a package that does what you need are > good, but it can be pretty hard to find them sometimes -- and can > be a fair bit of work to sift through to find the good ones -- and > many folks don't feel qualified to do so.
"Fair bit of work sifting" vs. "very hard work writing your own of higher quality" sounds like a VeryGoodDeal[tm] to me. As for "unqualified", if it's OK to be writing a program where you're unqualified to evaluate dependency packages, maybe it really doesn't matter if the package is best of breed? There are lots of programs where it doesn't matter, obviously. But if there's problem, it won't be solved by curation -- even best of breed is liable to be misused. > 4) A self contained repository of packages that you could point > pip to -- it would contain only the packages that had met some > sort of "vetting" criteria. In theory, anyone could run it, but > a stamp of approval from the PSF would make it far more > acceptable to people. This would be a LOT of work to get set > up, and still a lot of work to maintain. Why "self-contained"? I always enter PyPI through the top page. I'd just substitute curated-pypi.org's top page. Its search results would be restricted to (or prioritize) the curated set, but it would take me to the PyPI page of the recommended package. Why duplicate those pages? Would you also duplicate the storage? The only reason I can imagine for doing a "deep copy" would be to avoid the accusation of piggybacking on PyPI's and PyPA's hard work. Even if maintaining separate storage, many developers who use it would still depend on pip -- which gives priority to PyPI. They'd use the curated site to choose a package, but then just write its name in requirements.txt -- and of course that would work. So you don't even really avoid depending on PyPI for bandwidth (of course PyPI is going to spend on storage, anyway, so that doesn't count). > Personally, I think (4) is the best end result, but probably the > most work as well[*], so ??? Setup is pretty straightforward, maybe expensive if you go the self-contained route. But all the extra ongoing work is curation. And that's *really* hard to sustain. Riffing on "curated-pypi.org", I think it would be difficult to get "curated DOT pypi.org" for the reasons that have been repeatedly advanced, but why not your_team_name_here.curated.pypi.org? Set up a Patreon and get the TechDirt guy or somebody like that to write a monthly column reviewing the curators (once you get a lot, call it "featured curators", probably with the excuse that they specialize in some application field) or soliciting curators as the curated.pypi.org page. Steve _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/ZE4ZO4HZFJJCLAD3OOVMLRWI3WW6BLGD/ Code of Conduct: http://python.org/psf/codeofconduct/
