On Sep 28, 2014, at 07:31 PM, Donald Stufft wrote:
> I'd like to discuss the idea of moving PyPI to having immutable files. This would mean that once you publish a particular file you can never reupload that file again with different contents. This would still allow deleting the file or reuploading it if the checksums match what was there prior.

Although I have abused this in the past, as others have pointed out, because once uploaded I realize there is a bug in the package. There's a certain class of such bugs that prompt a quick re-upload rather than a version rev, such as some display problem on PyPI (because of package metadata), or some follow-on packaging bug, such as a missing MANIFEST.in causing Debian package build to fail. Yes, the latter is more easily checked before upload, but sometimes you feel optimistic. ;)

This won't make your lives easier, but I'd like to propose some support for "embargoed" uploads. These would be normal uploads except that they wouldn't be publicly available until a 'publish' button were pushed. Such embargoed uploads wouldn't be subject to the checksum limitation, and we'd have to figure out exactly how such packages would be available (certainly to a logged-in owner of the project via the web, but perhaps through an authenticated scriptable interface).

Even if you decide against supporting something like this, I'd still be okay with the checksum restriction. You never run out of version numbers.

-Barry
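Added example, not part of either message and not PyPI's code: a toy in-memory index that enforces the immutability rule and the embargo exemption discussed above. The class and method names are hypothetical, SHA-256 stands in for the unspecified "checksums", and keeping the digest after deletion is one reading of "reuploading it if the checksums match what was there prior".

```python
import hashlib


class UploadRejected(Exception):
    """Raised when an upload would change the bytes of a published file."""


class FileIndex:
    """Hypothetical in-memory index; names and layout are assumptions."""

    def __init__(self):
        self.digests = {}    # filename -> sha256 pinned at first publication
        self.public = {}     # filename -> bytes currently served to everyone
        self.embargoed = {}  # filename -> bytes visible only to the owner

    def upload(self, filename, content, embargo=False):
        pinned = self.digests.get(filename)
        if pinned is not None:
            # The name has been public before, so only identical bytes are
            # accepted. The embargo flag has no effect once a name is pinned.
            if hashlib.sha256(content).hexdigest() != pinned:
                raise UploadRejected(f"{filename}: differs from published file")
            self.public[filename] = content  # restores a deleted file
            return "unchanged"
        if embargo:
            # Never public yet: the owner may overwrite it freely.
            self.embargoed[filename] = content
            return "embargoed"
        self.embargoed.pop(filename, None)
        self._pin(filename, content)
        return "published"

    def publish(self, filename):
        """The 'publish' button: from here on the file is immutable."""
        self._pin(filename, self.embargoed.pop(filename))

    def delete(self, filename):
        # The pinned digest is kept as a tombstone, so the name can never
        # come back with different contents.
        self.public.pop(filename, None)

    def _pin(self, filename, content):
        self.digests[filename] = hashlib.sha256(content).hexdigest()
        self.public[filename] = content
```

The tombstone in `delete` is what stops a delete-then-reupload sequence from bypassing the checksum restriction.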