[Zope-dev] the Zope Framework project

Tres Seaver tseaver at palladion.com
Tue Mar 3 12:28:52 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephan Richter wrote:
> On Tuesday 03 March 2009, Tres Seaver wrote:
>> Stephan, I *have* managed a large set, and I'm *certain* that the KGS is
>> useful for many cases:  it just doesn't work for me for any large
>> production application:  I don't want to rely on the iffy availability
>> of eggs from PyPI, for instance, which means that running a separate,
>> per-project index is my only recourse anyway.  Once you are running your
>> own index, it's contents *are* a KGS, just not one managed using the
>> 'versions.cfg' machinery.
> 
> Who says that you cannot use your own index with the KGS? Do you think I use 
> the official PyPI location for production? We use two approaches at Keas:

If I'm running my own project-specific index, it *is* the KGS for that
project:  I don't need to manage versions anyplace else.

> (1) Use a PyPI proxy server that caches all needed packages locally.

Not an option:  I don't let new pacakges, or new versions, into my index
 without reviewing them first.  Typically, this means adding the egg to
my sandbox (e.g., via easy_install, or a develop-egg), verifying that it
works with the other pacakges, has reasonable tests and docs, and does
what I need.  Once I'm done with that review, I copy the sdist to my
project index, and update the dependencies and / or buildout config to
pull it in.

> (2) Use zc.sourcerelease so that all packages are part of the big source TAR 
> ball.

I don't need the big tarball, because I have an index:  I can just
enumerate the eggs I need (e.g., in 'install_requires' or in
buildout.cfg) without any versioning at all, and trust that the index
will supply the "blessed" versions.



Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJrWjU+gerLs4ltQ4RApviAJ9Ul8m8FXzbYV9YK2Mt2ofNs2SfhQCfWLCt
E9CK+vzQnGQG7djluyL8cew=
=PcE6
-----END PGP SIGNATURE-----



More information about the Zope-Dev mailing list