-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martijn Faassen wrote:
> Hey,
>
> [eggs in debian]
>
> Okay, I can see this as an additional, more stably maintained resource
> of eggs than the cheeseshop. That might indeed be helpful.
>
>> Now, how would you use the Grok gated community with the sqlalchemy
>> gated community if they had common dependencies, and those dependencies
>> were at different versions in the two communities?
>
> I don't know. :) I don't know how a gated community is supposed to work.
>
>> Of course, you could make one _very_ large gated community and "freeze"
>> it as a release every now and then. Er, basically the same as what
>> distros are doing, hopefully making their life much easier;)
>
> One of the issues is that it doesn't solve my problem if you just have
> a big one. You'd need a gated community per *version* of Grok in order
> to make sure no newer eggs sneak into the project after release.
Correct. Such a "protected mirror" provides repeatability: for
instance, if someone installs from the cheeseshop, and then reports a
bug which can't be reproduced when installing from the mirror, then the
fix is obvious. If no distribution of a given project is available in
the mirror, then the user should know that "caveat emptor" applies: the
mirror defines the "supported" package set.
Essentially, the mirror externalizes the 'install_requires' with pinned
version numbers into an external website, along with the guarantee that
the specified distributions will remain available, even in the event
that somebody makes a release management booboo on the cheeseshop.
I can envision URLs which look like:
- Copies of all distributions ever used with grok:
http://grok.zope.org/dist/
- Symlinks of the specific distributions known to work with grok 0.10:
http://grok.zope.org/dist/grok-0.10/
- Generated 'simple' API page for grok 0.10 ('--index-url' target):
http://grok.zope.org/dist/grok-0.10/simple/
One could of course write a webapp to manage these sets, but that feels
like it might be overkill, unless the application did more stuff as well
(like maybe generating buildout.cfg files, or virtualenv derivatves).
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG/+qZ+gerLs4ltQ4RAsqZAJwKa7GTCnwcAOUl7492STPbt9WjzACfVEzH
7MLRS6zsM2+ZZqOgvcrH7CE=
=cUuO
-----END PGP SIGNATURE-----
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
