2010/7/13 "Martin v. Löwis" <mar...@v.loewis.de>: > Am 13.07.2010 00:15, schrieb Tarek Ziadé: >> 2010/7/13 "Martin v. Löwis" <mar...@v.loewis.de>: >>>> Why is that ? This used to work, IIRC. This is a regression on PyPI >>>> side (checkbox added afaik), and needs to be fixed. >>> >>> How would you propose to fix this? >> >> A quick hack is to look at the user agent (urllib2) and remove your >> checkbox in this case. > > That would be unacceptable, because the question is then not being > asked. Our legal counsel advised us that we must have such a checkbox, > and offering a way to bypass it defeats its purpose.
There's a difference between a legal decision and a technical backward compatibility issue. Your change in the PyPI UI has broken the register command in Distutils for Python 2.5 and onward. If this legal issue is to be applied to *all* existing Python version *immediatly*, we should create a security patch for all versions. >> A cleaner step would be to remove this and create a new UI page to >> register the users >> from within the web version, and change the human links in your web app. > > This I don't understand. Is this essentially the same proposal: you > don't get asked the question if you register through distutils? No, because this is how it works in Python 2.5, 2.6, 2.7, 3.1 Again, the command is now broken because you have added a checkbox in PyPI. This change is not a bad thing, don't get me wrong. But if you enforce it for all Python versions, you basically break this feature. The urllib2 user agent has the Python version in it. I suggest that you bypass this change, for all existing Python versions, and introduce it for Python 3.2 > >> We have one complaint now, and I am complaining too. You cannot break >> existing software then say you don't consider this a "serious" problem >> because it's not widely used. > > Sure I can. If the PSF legal counsel tells me to make a change to PyPI, > I don't question that order, not even if complying means to break some code. But the PSF didn't tell you to break existing Python versions. I think we need to find a better solution here. > >> Are you really expecting me to remove silently this feature from all >> python versions documentation and tell people it's not a serious >> problem ? > > I think the whole notion of distutils being able to perform user > registration is flawed. This already is clear when you consider that > it actually *doesn't* register the user, but only initiates registration > so that the user has to complete registration over the > web. We might as well tell him to do the entire registration over the web. Again, maybe it's flawed, and maybe we should remove it. But you cannot break this feature in Python 2.5, 26 etc.. because you find it flawed today. Regards Tarek -- Tarek Ziadé | http://ziade.org _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
