From my understanding, it's possible for a pypi project owner to delete, and then re-upload a different distribution with the same version.
how does devpi handle this?  update the cache?  ignore this kind of update?
I'm guessing devpi updates the cache, which makes sense.  It's not devpi's job to do more than pypi is doing.
Just want to know devpi's stance on this, and know that it's intentional.
If this is in the docs, let me know.
P.S. I'm aware of peep as a client-side solution, and at some pt, pip will grow "lock files" as well I think.