> A communication channel for package maintainers to tell package users > "hey, this has a really serious security bug!" or "this is deprecated" > would be useful. The package homepage on PyPI can be used for that, of > course, though perhaps isn't perfect as people who are using your > package indirectly might not ever see it.
This may be a case where actually replacing an old release might be useful: you could put an actual DeprecationWarning into the code, or at least print a message in setup.py. This would increase the chance that anybody who has hard-coded the library version might see it. Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
