On Monday, January 30, 2012 at 4:23 AM, M.-A. Lemburg wrote:
> Richard Jones wrote: > > Hi catalog-sig, > > > > When we initially implemented file upload to PyPI it was our intention > > that the file be immutable once uploaded. The goal was to make things > > significantly simpler for end users - there would only ever be one > > file with a given name. If the content changed then so must the name > > (typically by creating a new release version.) > > > > After the upload facility was put in place we also added the ability > > to delete files uploaded to pypi. This created a loophole: if a > > package owner knew how to they could delete the file and re-upload, > > thus circumventing the replacement protection. > > > > I'm considering closing this loophole by retaining a record of the > > uploaded file (though not the contents) so that future uploads with > > the same name wouldn't be allowed. I understand that this is how the > > ruby gem archive handles deletion of files. > > > > Your thoughts? > > I don't think that's a good idea, since it would require the > package author to issue a new release whenever something goes wrong > with an upload (e.g. missing files, corrupted archive, etc.). > > Please leave the existing logic in place. And version numbers are a scarce resource? (Even though I believe it would be acceptable to cover that particular use case by giving a grace period of when you can re upload). > > Thanks, > -- > Marc-Andre Lemburg > eGenix.com (http://eGenix.com) > > Professional Python Services directly from the Source (#1, Jan 30 2012) > > > > Python/Zope Consulting and Support ... http://www.egenix.com/ > > > > mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ > > > > mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ > > > > > > > > > > > ________________________________________________________________________ > > ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: > > > eGenix.com (http://eGenix.com) Software, Skills and Services GmbH > Pastor-Loeh-Str.48 > D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg > Registered at Amtsgericht Duesseldorf: HRB 46611 > http://www.egenix.com/company/contact/ > _______________________________________________ > Catalog-SIG mailing list > [email protected] (mailto:[email protected]) > http://mail.python.org/mailman/listinfo/catalog-sig > >
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
