On 29 January 2012 23:47, Richard Jones <r1chardj0...@gmail.com> wrote:
> Hi catalog-sig, > > When we initially implemented file upload to PyPI it was our intention > that the file be immutable once uploaded. The goal was to make things > significantly simpler for end users - there would only ever be one > file with a given name. If the content changed then so must the name > (typically by creating a new release version.) > > After the upload facility was put in place we also added the ability > to delete files uploaded to pypi. This created a loophole: if a > package owner knew how to they could delete the file and re-upload, > thus circumventing the replacement protection. > > I'm considering closing this loophole by retaining a record of the > uploaded file (though not the contents) so that future uploads with > the same name wouldn't be allowed. I understand that this is how the > ruby gem archive handles deletion of files. > > Your thoughts? > FWIW I've occasionally found it useful to be able to delete uploads and replace them, so I'm -1 on losing this capability. All the best, Michael > > > Richard > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig > -- http://www.voidspace.org.uk/ May you do good and not evil May you find forgiveness for yourself and forgive others May you share freely, never taking more than you give. -- the sqlite blessing http://www.sqlite.org/different.html
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
