Donald Stufft wrote: > > > On Monday, January 30, 2012 at 4:23 AM, M.-A. Lemburg wrote: > >> Richard Jones wrote: >>> Hi catalog-sig, >>> >>> When we initially implemented file upload to PyPI it was our intention >>> that the file be immutable once uploaded. The goal was to make things >>> significantly simpler for end users - there would only ever be one >>> file with a given name. If the content changed then so must the name >>> (typically by creating a new release version.) >>> >>> After the upload facility was put in place we also added the ability >>> to delete files uploaded to pypi. This created a loophole: if a >>> package owner knew how to they could delete the file and re-upload, >>> thus circumventing the replacement protection. >>> >>> I'm considering closing this loophole by retaining a record of the >>> uploaded file (though not the contents) so that future uploads with >>> the same name wouldn't be allowed. I understand that this is how the >>> ruby gem archive handles deletion of files. >>> >>> Your thoughts? >> >> I don't think that's a good idea, since it would require the >> package author to issue a new release whenever something goes wrong >> with an upload (e.g. missing files, corrupted archive, etc.). >> >> Please leave the existing logic in place. > And version numbers are a scarce resource?
No, but having to kick off the whole release process again just because something went wrong when uploading release files to PyPI causes plenty of trouble. > (Even though I believe it would be acceptable to cover that particular use > case by giving a grace period of when you can re upload). Can't we just leave dealing with that problem to the package authors ? It's their responsibility, not PyPI's. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 30 2012) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
