On Wed, May 15, 2013 at 2:33 PM, Donald Stufft <[email protected]> wrote: > > On May 15, 2013, at 2:10 PM, Daniel Holth <[email protected]> wrote: > >> On Wed, May 15, 2013 at 1:12 PM, Donald Stufft <[email protected]> wrote: >>> It also has a problem with setuptools, distribute, and PyPI and the way >>> they do normalization. They all already assume that projects will generally >>> have alpha numeric names and you can take any non alpha numeric string of >>> characters and replace it with a "-". So in order to properly support >>> unicode you'd have to remove all the existing versions of setuptools from >>> production use, and you'd need to update PyPI to understand how to lower >>> case unicode. >>> >>> Because I registered The snowman package, you'll find it's impossible to >>> register any other pure unicode package of any length. >> >> If PyPI has a proper i18n and Unicode implementation first, and then >> the tools are updated (perhaps distlib is an easier place to add >> Unicode than setuptools), then pypi will contain: >> >> 1. mostly ASCII projects that everyone can install >> >> 2. some Unicode projects uploaded by jerks >> >> 3. some worthwhile Unicode-named projects that might not have been >> uploaded before >> >> 4. some Unicode-named packages that you have to use even though you >> don't like the name? >> >> It's true that for a long time ASCII project names will be more >> convenient no matter what PyPI does, but it can be the publisher's >> choice rather than being cut off at the head. I don't think it's a >> tremendous amount of work to make Unicode work properly just for those >> who want it. > > The problem here isn't just that the old systems won't support it. It's that > they both won't support it and if someone does attempt to use a unicode > package they can get an entirely different package then they expected to get. > The failure case is a massive security risk.
Don't expose them in the simple API? If this is PyPI's big security issue then we are doing awesome. _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
