[openstack-dev] [tc] supporting Go

Jeremy Stanley fungi at yuggoth.org
Wed May 11 15:52:38 UTC 2016


On 2016-05-11 10:09:31 -0400 (-0400), Jim Rollenhagen wrote:
[...]
> Well, if we're talking about python, it all comes from PyPI.
[...]

That's not entirely true. Some projects listed on PyPI are simply
index links to packages hosted elsewhere on the Web and that used to
be a _lot_ more common than it is today. In the past year or two,
pip started warning and then by default refusing to retrieve
packages not hosted directly on PyPI, which has driven a lot of the
remaining stragglers to start uploading their packages directly to
it. Basically after many years, the Python community recognized that
having dependencies scattered hither and yon was a terrible idea
both from a security perspective and from a stability/robustness
perspective. In time I expect other packaging ecosystems still
suffering from that paradigm will come to similar conclusions as
their communities mature and their deployed base broadens further.
-- 
Jeremy Stanley



More information about the OpenStack-dev mailing list