On 20 July 2012 08:30, Cédric Krier wrote:
> On 20/07/12 07:46 +0530, Teagarden wrote:
>> On 20-Jul-2012, at 1:54 AM, Cédric Krier wrote:
>>
>> > On 19/07/12 22:03 +0200, Sergi Almacellas Abellana wrote:
>> >> Why we don't add tryton.org (or the tryton foundation) in Package
>> >> Index Owner and Package Index Maintainer to denote an official
>> >> module? The rest of the modules will have it's own maintainer
>> >> denoting that it isn't an official module.
>> >>
>> >> It makes sense to me. What do you think?
>> >
>> > Because it doesn't prevent name collision.
>>
>> Name collision seems to be the primary problem we are trying to
>> solve. I agree with the issue and we are ready to move our modules
>> to a *new* naming scheme too, and may be most of us in this
>> community will too, but that doesn't really solve the problem because
>> anybody could still create packages on pypi under the tryton namespace
>> ? And if it is his *intention* to do it, we might have little or no
>> influence over it either.
>
> We could have some way to put pression on the "bad" guys:
>
> - Bad advertising
> - Sue for using the Trademark "Tryton"
> …
>
>> My preferred solution to the problem would be hosting our own pypi
>> which serves the official modules and perhaps the community ones too.
>> The package index could perhaps be regulated by a 'packaging sig',
>> which could arbitrate on name clashes and disputes.
>
> I would prefer to not have to do that and stay in the Python community.
> But in the last resort, it is a solution.
This message on the gnu heath mailing list [0] is very timely, and
appropriate for this discussion.
Do you think package signing and verification would be a good idea on
pypi to help eliminate the question of "is it an official package?"
[0] http://lists.gnu.org/archive/html/health/2012-07/msg00021.html
--
Craig
'The first time any man's freedom is trodden on - we are all damaged.'
Jean-Luc Picard
() ascii ribbon campaign - against html mail
/\
--
--
tryton@googlegroups.com mailing list