[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Source tarballs from PyPI versus tarballs from the individual project we
|
From: |
Arun Isaac |
|
Subject: |
Source tarballs from PyPI versus tarballs from the individual project websites |
|
Date: |
Wed, 12 Oct 2016 11:46:17 +0530 |
|
User-agent: |
mu4e 0.9.16; emacs 25.1.1 |
When packaging python packages, why are we using the source tarballs
hosted on PyPI, rather than using the source tarballs hosted on the
websites of the individual projects?
For example, for the package python-pycrypto, why are we using the
tarball from PyPI
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
instead of the tarball from the pycrypto project website
https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz ?
Using the PyPI tarball seems to make Guix dependent on another package
repository -- namely, PyPI. That seems to me a bad thing.
I have packaged a few python packages using the tarballs from their
respective project websites. Should I change them to use the PyPI
tarballs before contributing the package definitions to Guix? Which
tarball should I prefer?
Regards,
Arun
signature.asc
Description: PGP signature
- Source tarballs from PyPI versus tarballs from the individual project websites,
Arun Isaac <=