build only approved packages

[dhellmann]

We want to control the scope of the index as well as the security of what is built, therefore we need to control which packages are allowed to be built. Version updates should be more automated than introducing a new package.

[tiran]

Are we going to start with Torch / OpenAI / NumPy / SciPy stack and then broaden the scope? We could use packages in CentOS and Fedora as baseline for extended scope.

• Python packages in CentOS Stream / RHEL
• Python packages in Fedora
• Top PyPI downloads
  • https://pypistats.org/top
  • https://robert-96.github.io/top-pypi-packages/

dnf repoquery --source | grep -E ^python- and dnf repoquery --whatrequires 'python(abi)' should list all Python packages and Python-based applications. The name of the package should reflect the PyPI project name in majority of cases, too.

[dhellmann]

Are we going to start with Torch / OpenAI / NumPy / SciPy stack and then broaden the scope? We could use packages in CentOS and Fedora as baseline for extended scope.

The plan is to focus on the AI stack(s), at least to start. I could see us expanding over time, but for now we should make decisions based on prioritizing that subset.