From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49978) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFcOo-0004FR-5g for guix-patches@gnu.org; Tue, 30 May 2017 04:21:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFcOk-0000Lu-WB for guix-patches@gnu.org; Tue, 30 May 2017 04:21:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:41469) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dFcOk-0000La-Ct for guix-patches@gnu.org; Tue, 30 May 2017 04:21:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dFcOk-0001tT-7Y for guix-patches@gnu.org; Tue, 30 May 2017 04:21:02 -0400 Subject: bug#27110: [PATCH] gnu: asciinema: Update to 1.4.0. Resent-Message-ID: Message-Id: <492f4f27.AEMAK1ybgpwAAAAAAAAAAAPFwJUAAAACwQwAAAAAAAW9WABZLStS@mailjet.com> MIME-Version: 1.0 From: Arun Isaac Date: Tue, 30 May 2017 13:50:27 +0530 In-reply-to: <20170529204226.GB15019@jasmine> References: <1495934193.2882278.990671576.787F34D9@webmail.messagingengine.com> <1519f8c5.AEUAKk_HotIAAAAAAAAAAAPFk78AAAACwQwAAAAAAAW9WABZKwI9@mailjet.com> <20170528183753.GB15883@jasmine> <2dff1be8.ADsAAhu0Cj4AAAAAAAAAAAO8ccgAAAACwQwAAAAAAAW9WABZK0zP@mailjet.com> <20170528223323.GA15181@jasmine> <877f10fuwp.fsf@fastmail.com> <20170529204226.GB15019@jasmine> Content-Type: text/plain Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Leo Famulari Cc: Alex Griffin , 27110-done@debbugs.gnu.org > In my experience, it seems like the PyPi tarballs are what the upstream > projects want distributors to use. > > So, I usually use what's on PyPi, but it depends. By preferring pypi, I worry that we promote a kind of centralization. In my romanticized vision for the future, I see every one self-hosting their own servers, serving code for their projects, and guix pulling and building from all of them. This is why I find excessive dependence on pypi disturbing. We are also creating a single point of failure/attack at pypi. Granted that everyone using github to host their projects is not much better, still... =