When packaging python packages, why are we using the source tarballs
hosted on PyPI, rather than using the source tarballs hosted on the
websites of the individual projects?

For example, for the package python-pycrypto, why are we using the
tarball from PyPI
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
instead of the tarball from the pycrypto project website
https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz ?

Using the PyPI tarball seems to make Guix dependent on another package
repository -- namely, PyPI. That seems to me a bad thing.

I have packaged a few python packages using the tarballs from their
respective project websites. Should I change them to use the PyPI
tarballs before contributing the package definitions to Guix? Which
tarball should I prefer?

Regards,
Arun