Hash: SHA1

Martijn Faassen wrote:

> On 9/28/07, Tres Seaver <[EMAIL PROTECTED]> wrote:
> [snip]
>> Total effort involved in maintaining the "gated community" then becomes
>> keeping a set of tarballs available at some web-downloadable location,
>> and re-running the script after adding / removing them to regenerate
>> the index.
> How many of these communities are you going to need? Why can't you
> simply maintain a list of exact versions with version numbers to pull
> from the cheeseshop instead?

Because you can't trust that packages will not get removed, or even
re-released under the same version number, on PyPI:  not everybody has
the same "package hygeine" ethos.

> This is already possible with the
> versions feature of buildout. I want something where I can maintain
> these lists better for frameworks inside packages, but if you're just
> going to make lists of packages in the end, why mirror? Is this
> because you're using easy_install and you can't use the versions
> feature? Is it because you don't use buildout?

I've been using buildout and its precursors for *years*, and I still
have my "repeatable" builds break on occoasion, e.g.:

 - The Postgres guys decide to yank an older package version from
   their servers because they've released a newerone.

 - Somebody does "repository surgery" in a way which breaks my checkout
   (e.g., because Subversion checks the revision number *after*
   traversal rather than before).

 - Somebody uploads a "fixed" tarball of a relase without bumping
   the version number.

In the end, if you want predictable / repeatable deployment, you have to
mirror the sources.  The fact that easy_install's '--index-url' feature
makes such a mirror convenient is just a bonus.

- --
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to