On 29 Sep 2014 19:50, "Nick Coghlan" <ncoghlan@gmail.com> wrote:
>
>
> On 29 Sep 2014 19:04, "M.-A. Lemburg" <mal@egenix.com> wrote:
> >
> > Do you seriously want to force package authors to cut a new release
> > just because a single uploaded distribution file is broken for
> > some reason and then ask all users who have already installed one
> > of the non-broken ones to upgrade again, even though they are not
> > affected ?
>
> Yes, I do. Silently changing released artefacts is actively user hostile. It breaks mirroring, it breaks redistribution, it breaks security audits, and it can even break installation for security-conscious users that are using peep rather than pip.

One caveat on this: it would potentially be convenient to have a "release" field in the wheel naming scheme, and adopt a similar approach for other binary formats like Windows installers, specifically to allow those to be updated without needing to do a full source version update.

It's the silent substitution of file contents I have a fundamental problem with, not the notion of being able to publish an updated platform-specific build artefact without having to bump the source release version.

Cheers,
Nick.
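
An added example, not part of the original message: a sketch of the audit a mirror or a hash-pinning installer performs, showing why replacing a file's contents under the same name fails verification while publishing an additional, differently named build does not disturb existing pins. The file names and byte contents are constructed sample data, and `snapshot`, `audit` and `verify_download` are hypothetical helpers, not peep's or pip's API.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot(files: dict) -> dict:
    """Record filename -> SHA-256, as an auditor or mirror would at release time."""
    return {name: digest(body) for name, body in files.items()}

def audit(pinned: dict, current: dict) -> dict:
    """Compare a pinned snapshot with the index's current state."""
    report = {"unchanged": [], "substituted": [], "added": [], "removed": []}
    for name, pinned_digest in pinned.items():
        if name not in current:
            report["removed"].append(name)
        elif current[name] == pinned_digest:
            report["unchanged"].append(name)
        else:
            # Same filename, different bytes: the silent substitution case.
            report["substituted"].append(name)
    report["added"] = [name for name in current if name not in pinned]
    for names in report.values():
        names.sort()
    return report

def verify_download(name: str, body: bytes, pinned: dict) -> bool:
    """Accept a download only if its name is pinned and its digest matches."""
    return pinned.get(name) == digest(body)

# Constructed sample release: one sdist and one Windows wheel.
SDIST, WHEEL = "example-1.0.tar.gz", "example-1.0-cp34-none-win32.whl"
# Hypothetical name for a rebuilt wheel carrying an extra build/release field.
REBUILT = "example-1.0-1-cp34-none-win32.whl"
released = {SDIST: b"source v1.0", WHEEL: b"broken win32 build"}
PINNED = snapshot(released)

# Case 1: the broken wheel is replaced in place under the same filename.
substituted_index = dict(released, **{WHEEL: b"fixed win32 build"})
# Case 2: the fix is published as an additional, differently named file.
additive_index = dict(released, **{REBUILT: b"fixed win32 build"})

if __name__ == "__main__":
    print(audit(PINNED, snapshot(substituted_index)))
    print(audit(PINNED, snapshot(additive_index)))
```
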