From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38570) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFQGs-0006Ip-8X for guix-patches@gnu.org; Mon, 29 May 2017 15:24:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFQGo-0006sW-HP for guix-patches@gnu.org; Mon, 29 May 2017 15:24:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:41082) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dFQGo-0006sO-E8 for guix-patches@gnu.org; Mon, 29 May 2017 15:24:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dFQGo-0003Z7-8J for guix-patches@gnu.org; Mon, 29 May 2017 15:24:02 -0400 Subject: bug#27110: [PATCH] gnu: asciinema: Update to 1.4.0. Resent-Message-ID: Message-Id: <07176684.AEAAKtByx2IAAAAAAAAAAAPFwJUAAAACwQwAAAAAAAW9WABZLHUl@mailjet.com> MIME-Version: 1.0 From: Arun Isaac Date: Tue, 30 May 2017 00:53:04 +0530 In-reply-to: <877f10fuwp.fsf@fastmail.com> References: <1495934193.2882278.990671576.787F34D9@webmail.messagingengine.com> <1519f8c5.AEUAKk_HotIAAAAAAAAAAAPFk78AAAACwQwAAAAAAAW9WABZKwI9@mailjet.com> <20170528183753.GB15883@jasmine> <2dff1be8.ADsAAhu0Cj4AAAAAAAAAAAO8ccgAAAACwQwAAAAAAAW9WABZK0zP@mailjet.com> <20170528223323.GA15181@jasmine> <877f10fuwp.fsf@fastmail.com> Content-Type: text/plain Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Marius Bakke Cc: 27110-done@debbugs.gnu.org, Alex Griffin Marius Bakke writes: > Leo Famulari writes: > >> My understanding is that project maintainers upload their releases to >> PyPi, not that PyPi packages the release for them. Is that incorrect? > > This is true. The PyPi releases are often different from the raw > sources, look for the magic lines "packages" and "package_data" in > setup.py[0] to see what is included/excluded in the PyPi archive. > Unfortunately some packages also exlude tests, in which case it's okay > to use the upstream repository. > > Some projects provide PGP signatures on PyPi as well, which is great. > Take matplotlib for example: > > https://pypi.python.org/pypi/matplotlib (PGP signed tarball, 52MiB) > https://github.com/matplotlib/matplotlib/releases (no signature, 51MiB) > > [0] https://packaging.python.org/distributing/ In general, for the typical python library/package (published both on pypi and github), should we prefer the pypi tarball or the original upstream github tarball? WDYT? =