Arun Isaac writes: >> In my experience, it seems like the PyPi tarballs are what the upstream >> projects want distributors to use. >> >> So, I usually use what's on PyPi, but it depends. > > By preferring pypi, I worry that we promote a kind of centralization. In > my romanticized vision for the future, I see every one self-hosting > their own servers, serving code for their projects, and guix pulling and > building from all of them. This is why I find excessive dependence on > pypi disturbing. We are also creating a single point of failure/attack > at pypi. Granted that everyone using github to host their projects is > not much better, still... I don't find Github better at all. One is a centralized source code hosting platform, the other is a centralized Python package publishing platform. In the rare case where the package is hosted elsewhere (e.g. on a personal/project home page) then we should use that*, but I have no real preference between github/bitbucket/etc and PyPi other than PyPi packages often being more "polished". * Usually**, such pages just link to PyPi. ** See "python-cram" for a counter-example.