<div dir="ltr">If you have a non-release release with some description text and a home-page that points to where active development is going on (that could constitute "functionality" in a non-code way), I think that should preempt a reasonable person (which is hopefully a superset of maintainers) from deleting it.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 16, 2017 at 3:02 PM, Dariusz Suchojad <span dir="ltr"><<a href="mailto:dsuch@zato.io" target="_blank">dsuch@zato.io</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 13/01/17 19:08, Lukasz Langa wrote:<br>
<br>
> Invalid projects<br>
> ----------------<br>
><br>
> A project published on the Package Index meeting ANY of the following<br>
> is considered invalid and will be removed from the Index:<br>
<br>
</span>[...]<br>
<span class=""><br>
> * project is name squatting (package has no functionality or is<br>
> empty);<br>
<br>
</span>[...]<br>
<br>
Greetings,<br>
<br>
I'd like to clarify a certain aspect that I reckon is not covered by the<br>
PEP yet.<br>
<br>
There are several packages on PyPI in the 'zato' namespace, such as:<br>
<br>
<a href="https://pypi.python.org/pypi/zato" rel="noreferrer" target="_blank">https://pypi.python.org/pypi/<wbr>zato</a><br>
<a href="https://pypi.python.org/pypi/zato-enclog" rel="noreferrer" target="_blank">https://pypi.python.org/pypi/<wbr>zato-enclog</a><br>
<a href="https://pypi.python.org/pypi/zato-apitest" rel="noreferrer" target="_blank">https://pypi.python.org/pypi/<wbr>zato-apitest</a><br>
<br>
Naturally, this is a namespace by convention only and on top of that,<br>
one will note that the first link is a 404. The PyPI package 'zato' does<br>
exist but it does not have any release. This is on purpose.<br>
<br>
The reason is that although Zato is written mostly in Python, we are not<br>
planning to make it available on PyPI instead opting to provide binary<br>
system packages, including installers for Docker or AWS Elastic<br>
Beanstalk, simply because the installers perform a lot of tasks that are<br>
outside of pip's scope:<br>
<br>
<a href="https://zato.io/docs/admin/guide/install/index.html" rel="noreferrer" target="_blank">https://zato.io/docs/admin/<wbr>guide/install/index.html</a><br>
<br>
However, there was a case when a third party registered the 'zato'<br>
package in PyPI simply because they thought it a cool idea. This caused<br>
confusion among prospective Zato users who expected to find software<br>
that had never been uploaded to PyPI by its developers. In the end the<br>
third party handed the PyPI package off and everything was resolved<br>
amicably but I'm now worried this can happen again.<br>
<br>
In particular, I worry that an eager contributor will eventually author<br>
a script that will find all the packages considered invalid per PEP 541,<br>
they will be deleted and someone else will register 'zato' again and<br>
unfortunately this will cause commotion on our end again. It happened<br>
before thus it's not a hypothetical scenario. And perhaps this time the<br>
third party will be less inclined to cooperate so even more time will be<br>
wasted until the situation is resolved.<br>
<br>
Short of adding namespaces to PyPI/Warehouse, I'm wondering how this can<br>
be prevented. Can there be added a clause to the PEP that only packages<br>
whose existence cannot be explain away in email by their maintainers be<br>
considered invalid in case of packages with no functionality nor<br>
contents? I realize that this adds to the PyPI's maintainers workload<br>
which was to be lessened thanks to this PEP but I'm honestly worried<br>
that as it stands now, the PEP does not cover this particular use-case<br>
that I'm concerned about.<br>
<br>
Essentially, this is preventive squatting for the greater good, so to<br>
speak, by people who are actually entitled to do it and who would be<br>
doing it anyway if namespaces were available.<br>
<br>
kind regards,<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Dariusz Suchojad<br>
<br>
<a href="https://zato.io" rel="noreferrer" target="_blank">https://zato.io</a><br>
ESB, SOA, REST, APIs and Cloud Integrations in Python<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
______________________________<wbr>_________________<br>
Distutils-SIG maillist - <a href="mailto:Distutils-SIG@python.org">Distutils-SIG@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/distutils-sig" rel="noreferrer" target="_blank">https://mail.python.org/<wbr>mailman/listinfo/distutils-sig</a><br>
</div></div></blockquote></div><br></div>