[Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

Tres Seaver tseaver at palladion.com
Fri Apr 3 14:01:30 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Withers wrote:
> Tres Seaver wrote:
>>>> Personally, I evaluate such eggs in a sandbox, and then add them to the
>>>> project-specific index once I'm sure that they work with the other
>>>> software in the index:  I don't use PyPI at all when building out
>>>> production sites.
>>> That seems overly heavyweight for the average new user.
>>>
>>> "no, sorry, you can't use Zope 2.12 with anything other than what it 
>>> comes with unless you get your own egg repository running"
>> Who is talking about an "average new user"? 
> 
> We're talking about the standard was of doing things, that encompasses 
> the average user. I don't see how the setup you describe can work unless 
> every user runs their own egg server...

That wasn't what I said:  the "Personally" part was a pretty clear
signal that I was being descriptive of my practices, and not
prescriptive for others'.

>> new stuff:  it sucks as the basis for a repeatable build environment.
> 
> I think that's a little harsh, if you use buildout and a locked down 
> versions section all you have to worry about is PyPI being down when you 
> don't have the eggs in a local buildout cache.

No, you also have to worry about people removing eggs you formerly
installed, or uploading new versions without changing the version
number, or uploading new, backwards-compatibility-breaking versions,
etc.  *Nothing* about getting an egg from PyPI is repeatable.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ1k76+gerLs4ltQ4RAtXtAJ9fyMa0g6rB2dJN9soxwEvQ1Vho+gCdHvJw
vDbs6CIqAYfvvDgdJm7Vrdc=
=fRRq
-----END PGP SIGNATURE-----


More information about the Zope-Dev mailing list