Mauro Carvalho Chehab <mchehab@xxxxxxxxxx> writes: > Adding dependencies there is not the easiest thing to do, as one needs to > test the change against all supported distros to ensure that the new package > name will be the same everywhere. Also, if I'm not mistaken, some developers > don't want to use pip to install packages, wanting instead to have the > distro-provided package. That, actually, is something we definitely need to keep in mind. The security record for PyPI (as with almost all of the language-specific repos) is not great. We need to think pretty hard before telling developers (or, say, the build process on kernel.org) that they need to install packages from there on their systems. Thanks, jon
