@@ 10,7 10,7 @@ translationKey: "announce-ipwhl"
## What is IPWHL?
-The interplanetary wheels (IPWHL) are platform-unique, singly-versioned Python
+The [interplanetary wheels][IPWHL] are platform-unique, singly-versioned Python
built distributions backed by IPFS. It aims to be a downstream wheel supplier
in a similar fashion to GNU/Linux distributions, whilst take advantage of a
content-addressing peer-to-peer network to provide a reproducible,
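Review bot: The new first line of "What is IPWHL?" drops the parenthesised "(IPWHL)", so the body text never ties the abbreviation to "interplanetary wheels"; only the heading and the link label do. Consider `The [interplanetary wheels][IPWHL] (IPWHL) are platform-unique, ...` so that the expansion survives in the rendered page. While touching this paragraph, the unchanged context also has "whilst take advantage" (should be "whilst taking advantage") and switches from the plural "are" to "It aims".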
@@ 25,41 25,18 @@ exactly same environment on every platform.
The official IPWHL repository will provide exclusively free software. However,
deriving the repository should be trivial and is a supported use case.
+[IPWHL]: https://sr.ht/~cnx/ipwhl
+
## Why?
-The cheese shop is great, but choosing cheeses from it can often be confusing.
-Dependency resolution is expensive, and version requirements are not
-future-proof. In order to avoid breakage, people usually have to pin packages
-on the installer side, which is redundant and difficult to validate manually.
-Additionally, we believe it is not the packaging users' job to do this; they
-should be able to save their time doing what they do best: writing and using
-software.
-
-Moreover, there are millions of ways for a piece of cheese to rot on the way
-home from the (almost) lawless cheese shop. Everyone can sell at the shop, and
-thus typosquatting is a common exploit. In addition, cheeses from the shop are
-not independently verifiable: the checksums are provided along with the files
-so the shop is the single point of failure for security attacks. There are
-ongoing efforts to integrate TUF into Python packaging toolchain, however it is
-unlikely that they can entirely mitigate this due to the centralized nature of
-the inherent architecture.
-
-Centralization also makes it really difficult for mirrors to be useful for the
-users: the cheese shop is not aware if any of its mirrors, let alone
-redirecting to the closest one. Mirroring is hardly a collaborative effort, one
-either provide everything for an entire region, or give up. On the other hand,
-many organizations host their Python packages and their dependencies on
-dedicated machines running 24/7, but the resources are mostly gone to waste
-when unused by the companies themselves.
-
-IPWHL makes use of IPFS and statically declared and carefully curated metadata
-to try to solve most the listed problems. In addition to providing only one
-wheel version at a time, source distributions are not supplied to avoiding
-executing untrusted code on the users' machine.
-
-## How to package for IPWHL
-
-TBD
+IPWHL is created as a curated and decentralized Python package repository.
+
+PyPI repository is uncurated: anyone can publish a package there, which enables
+typosquatting and some other exploits. In contrast, by controlling which
+packages can go into IPWHL, we reduces risk of distributing malware
+significantly. Decentralizing the repository with IPFS makes mirroring more
+helpful and cost-saving. Additionally, by making the wheels singly-versioned,
+IPWHL is expected to save time for dependency resolution.
## How to use IPWHL?
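Review bot: The rewritten "Why?" paragraph starting at "+PyPI repository is uncurated" keeps the typosquatting argument but loses two security rationales that the removed lines stated: that checksums served alongside the files make the shop a single point of failure, and that source distributions are not supplied in order to avoid executing untrusted code on users' machines. If those properties still hold, a sentence for each is worth keeping, since "some other exploits" gives the reader nothing to evaluate. Wording in the added lines: "we reduces risk" should be "we reduce the risk", and "PyPI repository is" needs an article. The `[IPWHL]:` reference definition is also placed mid-document before "## Why?"; confirm that is the intended location rather than the end of the file.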
@@ 89,4 66,5 @@ ipfs pin add $IPWHL_CID
## Feedback
-TBD
+IPWHL is in its early stage, so we would appreciate if you can let us know how
+you feel about it.
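Review bot: The new "Feedback" text asks readers to "let us know" but names no channel, so the section is no more actionable than the "TBD" it replaces. Add a link or address for where feedback should be sent. Minor wording: "we would appreciate if you can" reads better as "we would appreciate it if you could".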