On 15 October 2015 at 09:55, Glyph Lefkowitz email@example.com wrote:
On Oct 14, 2015, at 10:36 AM, Nathaniel Smith firstname.lastname@example.org wrote:
My feeling is that pypi is correct to disallow the mutation of releases once they become public, but that the ergonomics around this could probably be improved :-). A more general solution that might be nice to have Someday would be if you could upload a release in one step, and then get a private link to poke at what was uploaded and make sure it looks correct, before making it public in a second step.
IMHO it would be really neat if 'pip' could authenticate to PyPI, and the authentication could affect package visibility, so that you could end-to-end test 'pip install foo' and ensure that you get what you expect before pushing the go-live switch.
And if its bust for you?
Surely testpypi is equally good and its an existing solution?