[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Source tarballs from PyPI versus tarballs from the individual projec
|
From: |
Christopher Allan Webber |
|
Subject: |
Re: Source tarballs from PyPI versus tarballs from the individual project websites |
|
Date: |
Wed, 12 Oct 2016 06:57:28 -0500 |
|
User-agent: |
mu4e 0.9.16; emacs 25.1.1 |
Arun Isaac writes:
> When packaging python packages, why are we using the source tarballs
> hosted on PyPI, rather than using the source tarballs hosted on the
> websites of the individual projects?
>
> For example, for the package python-pycrypto, why are we using the
> tarball from PyPI
> https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
> instead of the tarball from the pycrypto project website
> https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz ?
The easy answer is probably "the importer tool we have makes it easy to
pull the version down from PyPI", so that's the way most of us package
it.
I'd be for using actual upstream, or at least supplying both, so that
they're mirrors. One concern is, what about the tooling for telling us
when updates to packages are available?
- Chris