On May 13, 2009, at 12:47 PM, Andreas Jung wrote:
On 13.05.09 18:44, Jim Fulton wrote:
On May 13, 2009, at 12:41 PM, Andreas Jung wrote:
On 13.05.09 18:38, Jim Fulton wrote:
On May 13, 2009, at 12:04 PM, Tres Seaver wrote:
Patrick Gerken wrote:
I start being scared of using pypi.
I wonder why.
You should be *very* afraid of depending on PyPI for software rolled into production.
Why do you think he should be afraid?
Packages or releases might disappear - intentionally or unintentionally - in both cases a buildout with fixed pinned version may fail.
That's a minor issue at this point, because:
- We now know not to remove releases.
Jup, we know but some package maintainers outside the Zope world don't.
- If you are using something in production, you should archive the necessary source releases, using a tool like zc.sourcerelease.
One option or Tres solution: having a dedicated local index on a per-project basis or a local egg server or a (partial) local PyPI mirror.
That's an option. It takes a lot of work. I don't have a problem with people doing that. I just don't like this meme of "fearing" pypi.
Jim
--
Jim Fulton
Zope Corporation