[Zope-dev] Re: AW: Re: Grok 0.11 released!
Tres Seaver
tseaver at palladion.com
Fri Nov 9 23:12:31 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martijn Faassen wrote:
> Roger Ineichen wrote:
>> Hi Tres
>>
>>> Whoever released those two eggs (the '.dev-r#####' ones) need
>>> to release "real" updated packages, and then grok 0.11.1
>>> should be released using them.
>>>
>>> DEATH TO FAUX PACKAGES!
>> As far as I understand, this does not happen if you
>> depend on a KGS, right?
>>
>> Does the grok release not use the KGS from Stephan?
>>
>
> Not yet. We intend to look at that list at some point. Of course the KGS
> probably doesn't contain recent enough packages to support the REST
> changes.
If the REST stuff depended on unreleased versions of upstream packages,
then it should not have been merged until those packages were released
in an acceptable (non-snapshot) form.
> The other problem with KGS is that I absolutely want to fix lists of
> packages into Grok itself and never rely on any system that can cause
> the list of packages that could be updated. KGS will get bugfix
> releases. These will inevitably break something on occassion. I have no
> idea what will happen once 3.5 packages will start to appear, either.
A KGS needs to have the following properties:
- The "generation zero" of any KGS is an empty set of revisions.
- By default, any revision N of a KGS starts out as a "draft" version
which is an empty layer over version N-1. Changes to the draft
then shadow any versions in the prior revision.
- Once "finalized" / "published", a given revision of a KGS can
*never* be changed.
- Any KGS can be derived from the published version of another KGS,
with additions of new distributions / versions and updates of
versions for underlying distributions.
- In conjunction with a "find-links" site which promises never to
remove any distribution which has been included in a published
revision of a KGS, the current 'version.cfg' (and workalike)
files are sufficient to establish a KGS. Without that promise,
however, those files can't be considered as defining a KGS.
Therefore,
- Given that all distribution versions mentioned in a KGS are
stored at a trusted / reliable URL, any immutable KGS revision
can be trivially transformed into a PyPI package index: each
distribution will have exactly one allowed version, which will
point to a single URL on a reliable server.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHNS+v+gerLs4ltQ4RAl/rAJ9lDeB9nOXGab+/uAithNjeMeREkwCgguHF
5qA0vftURPPCW7SR2yZVTmk=
=NBMc
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list