On 2016-05-11 10:09:31 -0400 (-0400), Jim Rollenhagen wrote:
[...]
> Well, if we're talking about python, it all comes from PyPI.
[...]
That's not entirely true. Some projects listed on PyPI are simply index links to packages hosted elsewhere on the Web and that used to be a _lot_ more common than it is today. In the past year or two, pip started warning and then by default refusing to retrieve packages not hosted directly on PyPI, which has driven a lot of the remaining stragglers to start uploading their packages directly to it.

Basically after many years, the Python community recognized that having dependencies scattered hither and yon was a terrible idea both from a security perspective and from a stability/robustness perspective. In time I expect other packaging ecosystems still suffering from that paradigm will come to similar conclusions as their communities mature and their deployed base broadens further.

--
Jeremy Stanley

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev