From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arun Isaac <arunisaac@systemreboot.net>
Subject: Source tarballs from PyPI versus tarballs from the individual project
	websites
Date: Wed, 12 Oct 2016 11:46:17 +0530
Message-ID: <cu7oa2qdrda.fsf@systemreboot.net>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56112)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arunisaac@systemreboot.net>) id 1buCqB-0002LQ-P6
	for guix-devel@gnu.org; Wed, 12 Oct 2016 02:16:36 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arunisaac@systemreboot.net>) id 1buCq7-000727-IO
	for guix-devel@gnu.org; Wed, 12 Oct 2016 02:16:34 -0400
Received: from [117.218.232.8] (port=54672 helo=systemreboot.net)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arunisaac@systemreboot.net>) id 1buCq6-00070R-SS
	for guix-devel@gnu.org; Wed, 12 Oct 2016 02:16:31 -0400
Received: from [103.61.74.51] (helo=steel) by systemreboot.net with esmtpsa
	(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87)
	(envelope-from <arunisaac@systemreboot.net>) id 1buCq1-0000Ou-Iy
	for guix-devel@gnu.org; Wed, 12 Oct 2016 11:46:25 +0530
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: "guix-devel@gnu.org" <guix-devel@gnu.org>

--=-=-=
Content-Type: text/plain


When packaging python packages, why are we using the source tarballs
hosted on PyPI, rather than using the source tarballs hosted on the
websites of the individual projects?

For example, for the package python-pycrypto, why are we using the
tarball from PyPI
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
instead of the tarball from the pycrypto project website
https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz ?

Using the PyPI tarball seems to make Guix dependent on another package
repository -- namely, PyPI. That seems to me a bad thing.

I have packaged a few python packages using the tarballs from their
respective project websites. Should I change them to use the PyPI
tarballs before contributing the package definitions to Guix? Which
tarball should I prefer?

Regards,
Arun

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX/dUxAAoJEC4l7othgCuzrm8IAMO++bpJSt+4QEHKy4ocu3RF
0ylYMWnFLOXeFOAcXYPzdgiBzQWjas4EP+y/qFBztwFXRSm/LWNj2Uc+rdWH/+mp
tzf7871MV+HaAwnY6e4mFVkWeULvZyUzCDAIVt12nWDOqXSk3oKPj+SNpLNU6i2t
oEu4wLcl5UFz3nSfiHBe0iRIO8DhWrwN/XdLkQVd5tSWMA8lCIaE9sFp0VRbQbkA
RyDP1S6xeWM4o1LZ1KOfdn4UCGOx0+6CDo65CnoKEgs6/5EXR8uou4Bg55PjENDN
uMCNYTPx9K5VxuWWfrmoobsD/sUyWktNWNkHh5AoJGrGGNlOg8TxuwXR3WvDhPE=
=qC7v
-----END PGP SIGNATURE-----
--=-=-=--