[Zope-dev] "ZTK" futures: one big package?

Jim Fulton jim at zope.com
Wed May 13 14:09:22 EDT 2009


On May 13, 2009, at 12:47 PM, Andreas Jung wrote:

> On 13.05.09 18:44, Jim Fulton wrote:
>>
>> On May 13, 2009, at 12:41 PM, Andreas Jung wrote:
>>
>>> On 13.05.09 18:38, Jim Fulton wrote:
>>>> On May 13, 2009, at 12:04 PM, Tres Seaver wrote:
>>>>
>>>>
>>>>> Patrick Gerken wrote:
>>>>>
>>>>>
>>>>>> I start being scared of using pypi.
>>>>>>
>>>> I wonder why.
>>>>
>>>>
>>>>> You should be *very* afraid of depending on PyPI for software rolled
>>>>> into production.
>>>>>
>>>> Why do you think he should be afraid?
>>> Packages or releases might disappear - intentionally or unintentionally -
>>> in both cases a buildout with fixed pinned version may fail.
>>
>>
>> That's a minor issue at this point, because:
>>
>> - We now know not to remove releases.
>
> Jup, we know but some package maintainers outside the Zope world
> don't.
>>
>> - If you are using something in production, you should archive the
>>   necessary source releases, using a tool like zc.sourcerelease.
>
> One option or Tres' solution: having a dedicated local index on a per-project
> basis or a local egg server or a (partial) local PyPI mirror.

That's an option.  It takes a lot of work.  I don't have a problem  
with people doing that. I just don't like this meme of "fearing" pypi.

Jim

--
Jim Fulton
Zope Corporation



