On May 13, 2009, at 12:41 PM, Andreas Jung wrote:

> On 13.05.09 18:38, Jim Fulton wrote:
>> On May 13, 2009, at 12:04 PM, Tres Seaver wrote:
>>
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Patrick Gerken wrote:
>>>
>>>
>>>> I start being scared of using pypi.
>>>>
>> I wonder why.
>>
>>
>>> You should be *very* afraid of depending on PyPI for softare rolled
>>> into
>>> production.
>>>
>> Why do you think he should be afraid?
> Packages or releases might disappear - intentionally or  
> unintentionally -
> in both cases a buildout with fixed pinned version may fail.


That's a minor issue at this point, because:

- We now know not to remove releases.

- If you are using something in production, you should archive the  
necessary
   source releases, using a tool like zc.sourcerelease.

   IOW, you shouldn't do production deployments using a dynamic
   assembly mechanism.

Jim

--
Jim Fulton
Zope Corporation


_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to