[aur-general] Trusted user application: Drew DeVault
Daniel M. Capella
polyzen at archlinux.org
Thu Feb 28 04:40:08 UTC 2019
On February 27, 2019 10:47:59 PM EST, Drew DeVault via aur-general <aur-general at archlinux.org> wrote:
>On 2019-02-27 10:42 PM, Eli Schwartz via aur-general wrote:
>> I guess the difference between PyPI and Github sources could be
>> clarified, but really I'd much rather upstreams would get in the
>habit
>> of using a MANIFEST.in which ensured the license and testsuite was
>> correctly included in the source dist.
>
>This is the main bit that I feel can be clarified. The wiki page today
>is written like there's One True Way to specify sources=() for a Python
>package, and that way has some serious defects (lack of tests, license
>file, etc) - to the point where if you can get the package another way,
>you probably should.
All the upstreams for my Python packages have agreed to merge these additions, though there were those that took a bit of convincing. I still have to use non-PyPI sources for some as they haven't yet made new releases, don't manage their own PyPI pages (and one could wait indefinitely for the release), or use PGP signing. Apparently there's a way to sign PyPI packages, but I haven't really looked into that yet.
--
Best,
polyzen
More information about the aur-general
mailing list