Thank you for the kind responses. I hope I haven't offended anybody, and please know that I'm incredibly grateful for all the sweat and blood that has been poured into these projects. I'm complaining about the current situation to show the largest pain points from my perspective. That's also why I'm posting here and not somewhere more visible. James, please see this is not just me lashing out to vent. This is the first time I ever post a rant. I'm pointing out the problems I experienced in the hopes that the people responsible notice the patterns, and derive solutions from them. I'm sorry for the flowery language, but be sure that the original events contained a lot more expletives, and I think people's reactions are important to prioritization. I've changed development focus before because someone emailed me complaining about a specific part of a project. Donald, thank you very much for the reasoned, helpful and throughout response. Here's my reply to the most important points:
The fundamental issue here is trying to find the right balance between constraining authors so that end users can have a consistent behavior between packages and giving authors power to best manage their own projects. [...] Some of this is purposeful as we attempt to rein in some of the more “random” features that PyPI has grown over time
I'm very glad to hear that. Speaking for myself, I wouldn't mind if PyPI became an API-only service that hosts immutable packages. Even if it makes my life a bit harder and I have to re-invent my release process, I would rather the platform be more solid.
The ability to upload anything besides sdists, wheels, and eggs was deprecated and removed. You can read the PEP that removed them at https://www.python.org/dev/peps/pep-0527/.
That's... interesting. Thank you for the link, this is the first time I'm seeing it. I really liked the Windows installers, but I understand the need to slim down the infrastructure. Also, I now see some of my confusion was because of the invisible "allow legacy file types to be uploaded" flag in some of the projects but not others.
I can't even specify the description of a package, not even during registration or upload. Tell me your package name privately or publicly and I’ll figure out what went wrong.
I cannot even report the issues. [ ... ] because there's no clear location to report them. This is a problem, and we don’t really have a good solution for them. I
https://pypi.python.org/pypi/mouse/0.6.0 https://test.pypi.org/project/mouse/0.6.0 The long description was originally Markdown, and converted to RST by pandoc. I would 100% understand if this conversion triggered some bug. My gripe was that one by one my debugging tools failed in confusing ways. think generally what happens is people just open them on whichever tool they think is the best fit, and the authors of these tools all know each other, and if it ends
up getting filed in the incorrect place, we just redirect people tot he correct place.
Just my 2 cents, but I often not post a bug report at all for fear of wasting the wrong person's time. I'll keep this case in mind, but you may be missing some important reports with this configuration. The "packaging-problems" repo was almost perfect, but I avoided it due to the feeling of being abandoned or exclusive for PyPI developers. An explicit "It's ok to post X, Y and Z bugs here if you are unsure" would have changed my mind.
This is a service used by ~everyone in the Python community without even a single full time person on it.
When I have generated emails in the past I tend to get a slew of people berating me for sending them emails about things. Particularly for changes like this where there belief is that for most
I'm deeply grateful for the work you and the other contributors have put here. I see the project is in good hands, if an insufficient number of them. But this is also an incredibly worrying statement. I work in security, and I know I'll have nightmares after reading this :( people, the impact should be minimal, if there is any at all. That's awful, I'm sorry. Maybe an opt-in system during upload, to appease both crowds? I know I would set "email_me_important_announcements=True" in a heartbeat in my setup.py. Also note that people who don't like impact won't like the changes regardless if you email them or not, though I understand it's not nice to receive hate-mail. To be fair this migration is indeed mostly smooth. PyPI.org looks good, pypi.python.org is still working well (minus one or two deprecated endpoints leading to 410 gone), my setuptools automatically migrated to the legacy API, and I have nothing but praise for twine. And I found the use of HTTP error responses including detailed migration information to be a clever last-resort attempt at reaching the user. I faced several problems in my rant, but fixing any one of them would have solved my situation. I'm sure you guys can get there. Thank you for your patience and hard work, and I hope PyPI continues being one of the pillars of the community.