Please add releases in addition to the tags

[basilgello]

Hi @youknowone

NeuroDebian maintainers are ready to introduce your packages to Debian, and I want to make sure the build sources are verifiable over time.

It seems, however, that Github does store release tarballs but regenerates the source codes on the fly. I asked about it here and in the meantime I'd like you to publish the release of the latest tag and upcoming ones.

This applies also to wirerope.

Thanks!

[youknowone]

Hi, I understand the concerns.

At the same time, I feel like uploading a tarball of python package to github releases doesn't give much values. The major source provide of Python packages are usually PyPI, not github releases. Even if I upload a tarball to github releases, nothing guarantees it is identical to the release I did to PyPI.

I guess PyPI is providing permanent tarball of its actual release. Rather than using github releases, could you consider to use it? You may still need to check if it keeps your requirements, but it looks to have better chance to meet it in my opinion. https://pypi.org/project/methodtools/#files

[basilgello]

In the meantime we discussed with @yarikoptic and decided to keep using Git checkout as a source of truth. Tarballs are maintained within Debian packaging infra.

Switching to PyPI for your package is probably fine, but project-wide, some devs choose not to include tests and docs into pypi releases and some do and we use these to ensure QA of packages.