On Mon, Sep 29, 2014 at 9:36 AM, Barry Warsaw <ba...@python.org> wrote: > On Sep 28, 2014, at 07:31 PM, Donald Stufft wrote: > >>I'd like to discuss the idea of moving PyPI to having immutable files. This >>would mean that once you publish a particular file you can never reupload >>that file again with different contents. This would still allow deleting the >>file or reuploading it if the checksums match what was there prior. > > Although I have abused this in the past, as others have pointed out, because > once uploaded I realize there is a bug in the package. There's a certain > class of such bugs that prompt a quick re-upload rather than a version rev, > such as some display problem on PyPI (because of package metadata), or some > follow on packaging bug, such as a missing MANIFEST.in causing Debian package > build to fail. Yes, the latter is more easily checked before upload, but > sometimes you feel optimistic. ;) > > This won't make your lives easier, but I'd like to propose some support for > "embargoed" uploads. These would be normal uploads except that they wouldn't > be publicly available until a 'publish' button were pushed. Such embargoed > uploads wouldn't be subject to the checksum limitation, and we'd have to > figure out exactly how such packages would be available (certainly to a logged > in owner of the project via the web, but perhaps through an authenticated > scriptable interface). > > Even if you decide against supporting something like this, I'd still be okay > with the checksum restriction. You never run out of version numbers. > > -Barry
That's essentially what I see as the chief use-case for testpypi.python.org. I don't think pypi.python.org needs to support this as well. Simple is better than complex after all :) Cheers, Ian _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig