Comment by troismph

7 hours ago

I am curious why we still need PyPI to hold packages: it may be better to install from GitHub.

GitHub provides a much better integrated experience: source code, issues, docs, etc.

I don't think this is that terrible of an idea, actually. Before PyPI disabled searching, I'd say that the value of centralization came from that, and possibly from security, but I think any claim of security from a central repo is deluding ourselves these days. There are so many opportunities for supply chain attacks that maybe this isn't actually worse. Requiring pip to refer to a GitHub owner/repo might eliminate some of the squatter problems we have, too.