-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martijn Faassen wrote:
> Hey,
> 
> [eggs in debian]
> 
> Okay, I can see this as an additional, more stably maintained resource
> of eggs than the cheeseshop. That might indeed be helpful.
> 
>> Now, how would you use the Grok gated community with the sqlalchemy
>> gated community if they had common dependencies, and those dependencies
>> were at different versions in the two communities?
> 
> I don't know. :) I don't know how a gated community is supposed to work.
> 
>> Of course, you could make one _very_ large gated community and "freeze"
>> it as a release every now and then. Er, basically the same as what
>> distros are doing, hopefully making their life much easier;)
> 
> One of the issues is that it doesn't solve my problem if you just have
> a big one. You'd need a gated community per *version* of Grok in order
> to make sure no newer eggs sneak into the project after release.

Correct.  Such a "protected mirror" provides repeatability:  for
instance, if someone installs from the cheeseshop, and then reports a
bug which can't be reproduced when installing from the mirror, then the
fix is obvious.  If no distribution of a given project is available in
the mirror, then the user should know that "caveat emptor" applies:  the
mirror defines the "supported" package set.

Essentially, the mirror externalizes the 'install_requires' with pinned
version numbers into an external website, along with the guarantee that
the specified distributions will remain available, even in the event
that somebody makes a release management booboo on the cheeseshop.

I can envision URLs which look like:

  - Copies of all distributions ever used with grok:

    http://grok.zope.org/dist/

  - Symlinks of the specific distributions known to work with grok 0.10:

    http://grok.zope.org/dist/grok-0.10/

  - Generated 'simple' API page for grok 0.10 ('--index-url' target):

    http://grok.zope.org/dist/grok-0.10/simple/

One could of course write a webapp to manage these sets, but that feels
like it might be overkill, unless the application did more stuff as well
(like maybe generating buildout.cfg files, or virtualenv derivatves).


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG/+qZ+gerLs4ltQ4RAsqZAJwKa7GTCnwcAOUl7492STPbt9WjzACfVEzH
7MLRS6zsM2+ZZqOgvcrH7CE=
=cUuO
-----END PGP SIGNATURE-----
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to