From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37874) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFinb-0007kj-1c for guix-patches@gnu.org; Tue, 30 May 2017 11:11:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFinW-0006Yo-8G for guix-patches@gnu.org; Tue, 30 May 2017 11:11:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:42752) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dFinV-0006Ya-Nt for guix-patches@gnu.org; Tue, 30 May 2017 11:11:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dFinV-0006yQ-Je for guix-patches@gnu.org; Tue, 30 May 2017 11:11:01 -0400 Subject: bug#27110: [PATCH] gnu: asciinema: Update to 1.4.0. Resent-Message-ID: From: Marius Bakke In-Reply-To: References: <1495934193.2882278.990671576.787F34D9@webmail.messagingengine.com> <1519f8c5.AEUAKk_HotIAAAAAAAAAAAPFk78AAAACwQwAAAAAAAW9WABZKwI9@mailjet.com> <20170528183753.GB15883@jasmine> <2dff1be8.ADsAAhu0Cj4AAAAAAAAAAAO8ccgAAAACwQwAAAAAAAW9WABZK0zP@mailjet.com> <20170528223323.GA15181@jasmine> <877f10fuwp.fsf@fastmail.com> <20170529204226.GB15019@jasmine> Date: Tue, 30 May 2017 17:10:47 +0200 Message-ID: <87shjme5xk.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Arun Isaac , Leo Famulari Cc: 27110-done@debbugs.gnu.org, Alex Griffin --=-=-= Content-Type: text/plain Arun Isaac writes: >> In my experience, it seems like the PyPi tarballs are what the upstream >> projects want distributors to use. >> >> So, I usually use what's on PyPi, but it depends. > > By preferring pypi, I worry that we promote a kind of centralization. In > my romanticized vision for the future, I see every one self-hosting > their own servers, serving code for their projects, and guix pulling and > building from all of them. This is why I find excessive dependence on > pypi disturbing. We are also creating a single point of failure/attack > at pypi. Granted that everyone using github to host their projects is > not much better, still... I don't find Github better at all. One is a centralized source code hosting platform, the other is a centralized Python package publishing platform. In the rare case where the package is hosted elsewhere (e.g. on a personal/project home page) then we should use that*, but I have no real preference between github/bitbucket/etc and PyPi other than PyPi packages often being more "polished". * Usually**, such pages just link to PyPi. ** See "python-cram" for a counter-example. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlkti3cACgkQoqBt8qM6 VPq+yQf/Vl8rUEUOERm+JQch1/xysYz53XtJH9n3W0imJAn3IhDyQJebK6MZweFM mUOjmeap9Y+7npGJGUkLGbDhHaxYfM/mQMi4++pu77MPyDUQFgcyCuFjidmrz7vn 28qJI5QhKNlGIQHk8i4jV+LbJBMyvNIKdU+EviK09mhhRamF95xrNFtjoAZgJMMd Q7KnlFbCWe9noSux69wM5Kt/iMnG40xaosE8GkbajZArOFeVSOSBMG0IpcqwTHAv rqCApsq5LFbWMuXCg5FPnYH1plbvk65aXukByQc5mWFYi/5IjMKS4H2Wp6LhpzLK 1wWkQNojF+IvsySY5fXhy12Xb9p2sg== =MsHY -----END PGP SIGNATURE----- --=-=-=--