bug#27110: [PATCH] gnu: asciinema: Update to 1.4.0.

[Arun Isaac]

Marius Bakke writes:

> Leo Famulari <address@hidden> writes:
>
>> My understanding is that project maintainers upload their releases to
>> PyPi, not that PyPi packages the release for them. Is that incorrect?
>
> This is true. The PyPi releases are often different from the raw
> sources, look for the magic lines "packages" and "package_data" in
> setup.py[0] to see what is included/excluded in the PyPi archive.
> Unfortunately some packages also exlude tests, in which case it's okay
> to use the upstream repository.
>
> Some projects provide PGP signatures on PyPi as well, which is great.
> Take matplotlib for example:
>
> https://pypi.python.org/pypi/matplotlib (PGP signed tarball, 52MiB)
> https://github.com/matplotlib/matplotlib/releases (no signature, 51MiB)
>
> [0] https://packaging.python.org/distributing/

In general, for the typical python library/package (published both on
pypi and github), should we prefer the pypi tarball or the original
upstream github tarball? WDYT?