I discussed this a bit this afternoon with Stephan and we came up
with an idea that we think might help. Stephan is going to try to
prototype it. I'll try to explain it.

The basic idea is to provide a custom index. There will be such an
index for each "known good set" (KGS). An example of a KGS would be
the KGS corresponding to the Zope 3.4 release. A KGS would have a
set of controlled projects. A KGS index will have manually-managed
project pages for all controlled projects. For other projects, it
will mirror PyPI.

The prototype will build on my cheeseshop mirroring software. We
will add a controlled projects list as configuration data. The
mirroring software will ignore updates for controlled projects. This
is a very small change to existing simple software. (The controlled
project directories could be managed by either editing index pages or
by placing approved distros into a server directory.) The custom
index will be a static web site.

With this in place, we can establish KGSs and, for controlled
projects, the index pages will only be updated when a distribution
for a known project has been carefully vetted.

Users can set up buildout or easy_install to use the specific KGS as
their index server. Each KGS will have a release manager who will be
responsible for maintaining the KGS.

We will also create a buildout that tests packages in the KGS. When
one wants to test a change to a core package, they would:
- check out the buildout
- maybe change the index option to point to a particular KGS
- check out the project(s) they want to test and configure them as
- run the buildout test script.

Hopefully, this will give us much greater stability than we've had up
Zope3-dev mailing list
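
Added example, not part of the original message and not code from the cheeseshop mirroring software: a sketch of the "ignore updates for controlled projects" step described above. The configuration format, function names, project list and filenames are constructed assumptions; names are compared after PEP 503 style normalization so that a spelling variant of a controlled project cannot slip past the list.

```python
import re

# Constructed sample configuration: controlled projects of a hypothetical KGS.
CONTROLLED_CFG = """
# controlled projects for this KGS
zope.interface
zope.component
ZODB3
"""

def normalize(name):
    # PEP 503 style normalization (an assumption of this example), so that
    # "Zope_Interface" and "zope.interface" compare equal.
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def load_controlled(text):
    """Parse one project name per line; '#' starts a comment."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(normalize(line))
    return names

def apply_updates(index, updates, controlled):
    """Apply upstream updates to the mirror, skipping controlled projects.

    index:    dict mapping normalized project name -> set of filenames
    updates:  iterable of (project, filename) pairs reported by upstream
    Returns the skipped updates so the release manager can review them.
    """
    skipped = []
    for project, filename in updates:
        key = normalize(project)
        if key in controlled:
            # Controlled project: its page changes only by manual vetting.
            skipped.append((project, filename))
            continue
        index.setdefault(key, set()).add(filename)
    return skipped

if __name__ == "__main__":
    controlled = load_controlled(CONTROLLED_CFG)
    # Constructed mirror state and upstream updates.
    index = {"zope-interface": {"zope.interface-3.4.0.tar.gz"}}
    updates = [("Zope_Interface", "zope.interface-3.4.1.tar.gz"),
               ("docutils", "docutils-0.4.tar.gz")]
    print("skipped for review:", apply_updates(index, updates, controlled))
    print("mirror index:", index)
```

The returned list of skipped updates is what a release manager would work through when deciding which new distributions to vet and add by hand.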