Chris Angelico <ros...@gmail.com>: > On Sun, Oct 15, 2017 at 5:20 AM, Marko Rauhamaa <ma...@pacujo.net> wrote: >> Even better: >> >> sudo dnf install python3-pytz > > How is that better? It's the same thing, packaged differently, and > thus only available on Red Hat-family systems, and depends on the > update cycle of your OS.
Use the native updater your distro. Several nice things follow from the OS packaging: * You don't have to have *two* separate security update/bug fix streams. Once you've added pytz to your OS package collection, you'll get updates with the routine OS updates. * You have the benefit of a major outside entity vetting your packages. PyPI doesn't have any such oversight: <URL: https://arstechnica.com/in formation-technology/2017/09/devs-unknowingly-use-malicious-modules-pu t-into-official-python-repository/>. (Of course, one shouldn't overestimate the security of volunteer-maintained distros, either, but PyPI allows anybody to submit any junk they want.) * If you want to release your software to others, your third-party dependency statement becomes more concise and possible more acceptable to your customer. Also, you don't have to ship the third-party package yourself. Your customer likely knows how to update native distro packages, but may not be familiar with Python and its ecosystem. Depending only on the distro relieves you from educating your customer about PyPI. Marko -- https://mail.python.org/mailman/listinfo/python-list