From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53726) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFDWD-0005gd-LT for guix-patches@gnu.org; Mon, 29 May 2017 01:47:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFDWA-0000Az-In for guix-patches@gnu.org; Mon, 29 May 2017 01:47:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:39731) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dFDWA-0000Av-CP for guix-patches@gnu.org; Mon, 29 May 2017 01:47:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dFDWA-0002Tk-3N for guix-patches@gnu.org; Mon, 29 May 2017 01:47:02 -0400 Subject: bug#27110: [PATCH] gnu: asciinema: Update to 1.4.0. Resent-Message-ID: Message-Id: MIME-Version: 1.0 From: Arun Isaac Date: Mon, 29 May 2017 11:16:10 +0530 In-reply-to: <877f10fuwp.fsf@fastmail.com> References: <1495934193.2882278.990671576.787F34D9@webmail.messagingengine.com> <1519f8c5.AEUAKk_HotIAAAAAAAAAAAPFk78AAAACwQwAAAAAAAW9WABZKwI9@mailjet.com> <20170528183753.GB15883@jasmine> <2dff1be8.ADsAAhu0Cj4AAAAAAAAAAAO8ccgAAAACwQwAAAAAAAW9WABZK0zP@mailjet.com> <20170528223323.GA15181@jasmine> <877f10fuwp.fsf@fastmail.com> Content-Type: text/plain Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Marius Bakke Cc: 27110@debbugs.gnu.org, Alex Griffin Marius Bakke writes: > Leo Famulari writes: > >> On Mon, May 29, 2017 at 03:48:36AM +0530, Arun Isaac wrote: >>>=20 >>> >> Could you switch to upstream's github release tarball instead? >>> >> https://github.com/asciinema/asciinema/archive/v1.4.0.tar.gz >>> >> >>> >> LGTM, otherwise! >>> > >>> > Is there a reason to prefer one over the other? >>> > >>> > I ask because, typically, these unammed GitHub tarballs are not actua= l >>> > releases prepared by the maintainers, but just a snapshot of the Git >>> > repo, created automatically by GitHub for each tag. PyPi tends to >>> > contain the "real" release in cases like this. >>>=20 >>> I thought it is better to depend directly on the upstream source >>> (github, in this case) than on an intermediary (pypi) who has also >>> packaged the software. If we use pypi, Guix becomes some kind of second >>> order package repository that depends on pypi, the primary package >>> repository. WDYT? >> >> My understanding is that project maintainers upload their releases to >> PyPi, not that PyPi packages the release for them. Is that incorrect? > > This is true. The PyPi releases are often different from the raw > sources, look for the magic lines "packages" and "package_data" in > setup.py[0] to see what is included/excluded in the PyPi archive. > Unfortunately some packages also exlude tests, in which case it's okay > to use the upstream repository. > > Some projects provide PGP signatures on PyPi as well, which is great. > Take matplotlib for example: > > https://pypi.python.org/pypi/matplotlib (PGP signed tarball, 52MiB) > https://github.com/matplotlib/matplotlib/releases (no signature, 51MiB) > > [0] https://packaging.python.org/distributing/ Ok, we'll use the pypi tarball, then. I'm building something else now. Once I'm done, I'll build asciinema, verify, and push. =