[Zope3-dev] Re: Known-good-sets problem
Tres Seaver
tseaver at palladion.com
Mon Oct 8 14:26:08 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martijn Faassen wrote:
> Hey,
>
> Another point of feedback:
>
> I saw Stephan's mail on a (partially new) toolchain and somewhat
> extensive workflow on using it. I'm a bit surprised a toolchain is
> necessary and that the workflow is so involved. With Grok's approach
> using extends in buildout, we can just publish such a list on a dumb
> website without any tools whatsoever.
I'll agree that I don't see a need for much of a toolchain.
Effectively, the index pages are just a set of N+1 static HTML pages
(where N is the number of distutils "projects" managed by the index)
with mirrored copies of all the distributions in some well-known (and
guarded ;) location.
> Since you're effectively mirroring the cheeseshop anyway, why not rely
> on the cheeseshop entirely and just publish the version lists?
If you don't mirror the actual distributions, then you are at the mercy
of the project owner on the cheeseshop, who is free to remove or (worse)
update-in-place an egg you rely on.
This is why Debian mirrors the "pristine" tarballs of packges, and why
RPM bundles them inside the SRPMs: *other* people and their software
distribution mechanisms can't be relied on when repeatability is your goal.
- -Tres.-
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHCnZA+gerLs4ltQ4RApxHAKCbXq2QkS3l4kD7Q0/qrssPn2zTYACfRjvb
vVYlNIbZ6JwKVGY2jkxcXoA=
=B++h
-----END PGP SIGNATURE-----
More information about the Zope3-dev
mailing list