Issues created:

 * Ignore dup uploads instead of error:
 * Rename "/legacy" API URL:
 * Propose "packaging announce" mailing list:
     o Previous issue noting challenges in communicating on packaging,
       many of the same concerns still seem relevant:
 * Explain what "pre-production" means on Warehouse:
 * Deprecation notice added to:
     o Issue created to enhance docs for TestPyPI:
 * Better error message for PEP 527 accepted file types:

I hope I got all the right places for those issues.

Thanks Donald for the clear reply from which it was easy to create these separate issues. I didn't realize you had so little paid time to work on packaging issues. I'm surprised with all the large companies that use Python that the PSF can't secure more donations to invest in fixing these issues. Or that someone like Redhat can't get a couple engineers to devote time for a couple years like they do to other OSS projects. (No criticism intended, just musing).

*Randy Syring*
Husband | Father | Redeemed Sinner

/"For what does it profit a man to gain the whole world
and forfeit his soul?" (Mark 8:36 ESV)/

On 08/04/2017 05:51 PM, Donald Stufft wrote:

On Aug 4, 2017, at 4:43 PM, Lucas Boppre Niehues < <>> wrote:

I just had a dreadful day dealing with PyPI and the migrations that are happening. I'm posting this rant here in hopes of reaching the people who can fix it (apologies if I'm in the wrong list), or at least offer an explanation of the events that happened.

- Any and all feedback is welcome, but please be charitable.
- I'm angry *at* things, I hope not to offend anybody.
- I'm posting this rant here and not reddit or hn to ensure the discussion stays between the interested parties and not the whole internet.

For formatting reasons the text is here:

Thank you for your attention
Distutils-SIG maillist - <>

Going through your text, there’s a mixture of things that sort of combined here, I’m kind of just going to stream of conscious reply to them here, because I can’t reply inline.

> error: No dist file created in earlier command

Yes, `` upload`` *requires* you to create the files it is uploading within the same command during the upload. This is one of the reasons that twine as a tool exists and is generally recommended.

> It's the exact same file. You could add a check for it and ignore, but no, it had to be an error.

This seems like a reasonable feature request, please file an issue with Warehouse asking for it so I don’t forget it.

> It seems that long_description in was missed entirely.

I’m not sure what happened here. If you share the package I can probably figure it out though. I’m not currently aware of any bugs with how long_description is handled.

> By the way, why was this feature included in the register command?

This was not an explicit feature of the register command, and more of an accident in the way things got implemented in PyPI’s decade+ history.

> [Stuff about editing the description]

You located the issue on Warehouse. The fundamental issue here is trying to find the right balance between constraining authors so that end users can have a consistent behavior between packages and giving authors power to best manage their own projects. Discussion about editing the description is probably best handled on the warehouse issue though (Which I forgot to update with my thoughts!).

> My has been communicating with by default. Note the legacy part.

This is confusing, and it is essentially due to the fact there are two things here which are considered “legacy”. One is the legacy codebase/deployment that currently powers <> which are are slowly replacing and migrating things over to the new, modern code base that powers <>. The other thing is the actual upload API itself, which has stayed the same currently, but which I plan to replace at some point in the future. This API is also considered “legacy” (it just doesn’t have a replacement yet). So the legacy in has to do with the API rather than the location/deployment.

I probably should have named it something other than /legacy/, my goal was mostly that changing URLs is hard (it requires a bunch of documentation/updates in different packages and N years for that to percolate out) so since we were forcing people to change the URLs with the move from <> to <>, might as well get it all done at once. It might be reasonable to name it something else now, and just keep the /legacy/ around as an alias. I’m not sure if that adds or subtracts from the confusion, but if you think that would have helped you, please open a new issue on Warehouse.

> The "new APIs" seem to be missing at last one important feature

Some of this is purposeful as we attempt to rein in some of the more “random” features that PyPI has grown over time. Some of it is accidental as there’s not really any documentation about what PyPI provides, and people have, over the decade of it’s existence, depended on all sorts of random bits and pieces of PyPI which makes it hard to tell what people are even using.

> I must have missed the deprecation period that preceded the complete removal of the old APIs. A friendly email would have been nice if you expect me to migrate to a new solution.

This is a hard balance to strike. When I have generated emails in the past I tend to get a slew of people berating me for sending them emails about things. Particularly for changes like this where there belief is that for most people, the impact should be minimal, if there is any at all. I do try to at least tweet and post to distutils-sig about possibly disruptive changes like this. For this specific change, that thread was at

> The new website is "pre-production”.

This is mostly just a warning at this point that the UI might return funky results, some things might not be great yet, and to not start throwing the full force of people’s production traffic at it. The current hosting arrangement can’t handle the full amount of traffic we get from ``pip install …`` (but uploads are fine!) and we’re working on building on the new infrastructure with our future hosting arrangement that can handle the full production load.

> HTTPError: 400 Client Error: Invalid file extension. for url:

The ability to upload anything besides sdists, wheels, and eggs was deprecated and removed. You can read the PEP that removed them at

> Maybe the tutorial is outdated, and TestPyPI supports auto-registration now?

I don’t think anyone has kept the tutorial on <> up to date. To be frank, I don’t even know how to update <>. Generally we’ve been trying to consolidate packaging documentation onto <> — although I don’t think we have one for TestPyPI yet.

TestPyPI itself is also severely under maintained. I don’t use it so I rarely even think about it and my time is stretched thin to an extreme degree. I plan on getting rid of TestPyPI at some point and replacing it with something better, You can see discussion about that at

> I try python bdist upload

As I mentioned above, we deprecated/removed everything but sdist, wheels, and eggs as per PEP 527. We could probably do better error messages here though.

> I can't even specify the description of a package, not even during registration or upload.

Tell me your package name privately or publicly and I’ll figure out what went wrong.

> I cannot even report the issues. [ ... ] because there's no clear location to report them.

This is a problem, and we don’t really have a good solution for them. I think generally what happens is people just open them on whichever tool they think is the best fit, and the authors of these tools all know each other, and if it ends up getting filed in the incorrect place, we just redirect people tot he correct place.

> I am trying to donate my precious free time to the Python community by offering free software, receiving absolutely no compensation whatsoever, and every step of the experience has been shitty.

I/we understand that, and we’re generally trying to do the best we can with what limited resources we have. The flip side of this is that we’re *also* (for the most part) donating our precious free time to the Python community to run PyPI (and the other PSF services too!). For the record, in July PyPI used something just under 1 Petabyte of bandwidth and served 38 billion HTTP requests.

People working on that include myself with 16h/week of paid time (split between *all* of the packaging related tools I work on) plus something like 20-30h/week of volunteer time (on top of the additional 24h/week of time I spent working on my employers projects). On the ops side there is another individual (who I won’t name here to prevent him from getting drug into this [1]) who donates his spare time as well (though I don’t know offhand how much that is).

As far as keeping PyPI running as well as getting the new code base developed and deployed… that’s about it [2]. This is a service used by ~everyone in the Python community without even a single full time person on it.

We’re trying to slowly migrate to a new code base which is (A) easier to maintain/scale taking up fewer hours (B) easier to actually work on to develop new features, which will hopefully help attract and retain new contributors and (C) has removed decades of cruft that has built up and either explicitly made something supported or explicit decided it is no longer supported, instead of a quasi supported “well it’s what PyPI does” scenario we have now.

This probably won’t be the last less than perfect phase of the migration to the new code base. My best recommendation if you don’t want to discover these things JIT (even though we *do* try to minimize them) is to subscribe to and follow distutils-sig. Alternatively if you want to get more involved, one thing we’re severely lacking is a better mechanism for communicating these things to users, and if you wanted to propose/get sign off/implement/etc something for that, then that is another possibility. Finally if you wanted you could also get involved in actually shaping the direction of these tools, either by discussing on distutils-sig and in their respective issue trackers, or by becoming an active contributor. That’s the best way to ensure that your relevant use cases are considered during the design or execution of things.

[1] Folks can yell at me if they want, don’t go yelling at other contributors. Generally the buck stops with me anyways. [2] There is a designer working on the new code base, and there have been some other contributors, but since this is about the APIs and maintenance I left them out.

Donald Stufft

Distutils-SIG maillist  -

Distutils-SIG maillist  -

Reply via email to