On May 13, 2009, at 12:41 PM, Andreas Jung wrote: > On 13.05.09 18:38, Jim Fulton wrote: >> On May 13, 2009, at 12:04 PM, Tres Seaver wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Patrick Gerken wrote: >>> >>> >>>> I start being scared of using pypi. >>>> >> I wonder why. >> >> >>> You should be *very* afraid of depending on PyPI for softare rolled >>> into >>> production. >>> >> Why do you think he should be afraid? > Packages or releases might disappear - intentionally or > unintentionally - > in both cases a buildout with fixed pinned version may fail.
That's a minor issue at this point, because: - We now know not to remove releases. - If you are using something in production, you should archive the necessary source releases, using a tool like zc.sourcerelease. IOW, you shouldn't do production deployments using a dynamic assembly mechanism. Jim -- Jim Fulton Zope Corporation _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )