Sunday, 1 October 2017

[not a political post] Both node and python have a problem with insecure package repositories. What would make for a secure package repository? How would you transition from one to the other?

Honestly, this is not intended to be a political post. In recent weeks both node and python have been hit with various issues regarding "insecure packaging" repositories. What's actually going on, and why is it difficult to fix (or difficult to fix for at least the top 60% of downloaded packages)?

Emacs has had similar problems... Apparently linux distros do not?

How would you architect a new package repository for any system, be it node, python, go, ... or using npm, pip, conda, ...?

fwiw, heard a very interesting python podcast about the sheer numbers of terabytes downloaded every month from the pypi. http://ift.tt/2xUVWJV

What is the most powerful part of the Python ecosystem? Well, the ability to say "pip install magic_library" has to be right near the top. But do you know what powers the Python Package Index and the people behind it? Did you know it does over 300 TB traffic each month these days? And that huge number would be far larger if not for aggressive caching built into PyPI and pip these days.

Submitted October 02, 2017 at 04:08AM by jpflathead
