bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Martin <>
Subject Re: Unable to install bloodhound from svn, pip install fails
Date Mon, 03 Sep 2012 09:58:14 GMT
On 09/03/2012 09:46 AM, Branko ─îibej wrote:
> On 03.09.2012 03:48, Gary Martin wrote:
>> There is another interesting alternative that I noted from a
>> conversation on general@incubator.a.o. It seems that there is at least
>> one podling (Apache Stanbol) that has a 'deps' source package that is
>> used alongside their main release. I am not sure whether we should be
>> looking to a similar approach as the reasoning behind it may not match
>> ours. There are, however, some nice features associated with this
>> approach. For instance, a deps package as a whole could (presumably
>> must) be signed. In contrast, it seems that code signing is usually
>> lacking on packages on pypi - I assume that we could not provide PGP
>> signatures on a package by package basis with an alternate package index.
> Subversion had such a deps signed source package before it came to
> Apache; later we discontinued that because some optional dependencies do
> not have a compatible license, so instead we ship a script that
> downloads the dependencies.
> License issues may prevent Bloodhound from releasing such a source
> package, but you'd know more about the details of that.
> -- Brane

I believe that none of these packages have any licensing issues for us. 
That may not be enough justification for implementing such a scheme 
though. The availability of the deps source tarball pretty much 
guaranteed when the main source tarball is available is quite 
attractive, along with any advantage from the deps package being signed 
as a whole.


View raw message