If you have a non-release release with some description text and a home-page that points to where active development is going on (that could constitute "functionality" in a non-code way), I think that should preempt a reasonable person (which is hopefully a superset of maintainers) from deleting it.
On Mon, Jan 16, 2017 at 3:02 PM, Dariusz Suchojad <ds...@zato.io> wrote: > On 13/01/17 19:08, Lukasz Langa wrote: > > > Invalid projects > > ---------------- > > > > A project published on the Package Index meeting ANY of the following > > is considered invalid and will be removed from the Index: > > [...] > > > * project is name squatting (package has no functionality or is > > empty); > > [...] > > Greetings, > > I'd like to clarify a certain aspect that I reckon is not covered by the > PEP yet. > > There are several packages on PyPI in the 'zato' namespace, such as: > > https://pypi.python.org/pypi/zato > https://pypi.python.org/pypi/zato-enclog > https://pypi.python.org/pypi/zato-apitest > > Naturally, this is a namespace by convention only and on top of that, > one will note that the first link is a 404. The PyPI package 'zato' does > exist but it does not have any release. This is on purpose. > > The reason is that although Zato is written mostly in Python, we are not > planning to make it available on PyPI instead opting to provide binary > system packages, including installers for Docker or AWS Elastic > Beanstalk, simply because the installers perform a lot of tasks that are > outside of pip's scope: > > https://zato.io/docs/admin/guide/install/index.html > > However, there was a case when a third party registered the 'zato' > package in PyPI simply because they thought it a cool idea. This caused > confusion among prospective Zato users who expected to find software > that had never been uploaded to PyPI by its developers. In the end the > third party handed the PyPI package off and everything was resolved > amicably but I'm now worried this can happen again. > > In particular, I worry that an eager contributor will eventually author > a script that will find all the packages considered invalid per PEP 541, > they will be deleted and someone else will register 'zato' again and > unfortunately this will cause commotion on our end again. It happened > before thus it's not a hypothetical scenario. And perhaps this time the > third party will be less inclined to cooperate so even more time will be > wasted until the situation is resolved. > > Short of adding namespaces to PyPI/Warehouse, I'm wondering how this can > be prevented. Can there be added a clause to the PEP that only packages > whose existence cannot be explain away in email by their maintainers be > considered invalid in case of packages with no functionality nor > contents? I realize that this adds to the PyPI's maintainers workload > which was to be lessened thanks to this PEP but I'm honestly worried > that as it stands now, the PEP does not cover this particular use-case > that I'm concerned about. > > Essentially, this is preventive squatting for the greater good, so to > speak, by people who are actually entitled to do it and who would be > doing it anyway if namespaces were available. > > kind regards, > > -- > Dariusz Suchojad > > https://zato.io > ESB, SOA, REST, APIs and Cloud Integrations in Python > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > https://mail.python.org/mailman/listinfo/distutils-sig >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
