Would this also affect the ability to update the "readme" information for a version on PyPI (i.e. the information displayed on the default home page generated by PyPI for the release) once the version has already been uploaded to PyPI? There are sometimes issues encountered with the display of that information that can't easily be checked without doing an actual version upload. I haven't recently tried reuploading the metadata for a version, mainly because of uncertainty around how PyPI would handle it. Thanks, --Chris On Sun, Sep 28, 2014 at 12:31 PM, Donald Stufft <donald.stufft@rackspace.com> wrote:
Hello All!
I'd like to discuss the idea of moving PyPI to having immutable files. This would mean that once you publish a particular file you can never reupload that file again with different contents. This would still allow deleting the file or reuploading it if the checksums match what was there prior.
This would be good for a few reasons:
* It represents "best practices" for version numbers. Ideally if two people have version "2.1" of a project, they'll have the same code, however as it stands two people installing at two different times could have two very different versions.
* This will make improving the PyPI infrastructure easier, in particular it will make it simpler to move away from using a glusterfs storage array and switch to a redudant set of cloud object stores.
In the past this was brought up and a few points were brought against it, those were:
1. That authors could simply change files that were hosted on not PyPI anyways so it didn't really do much.
2. That it was too hard to test a release prior to uploading it due to the nature of distutils requiring you to build the release in the same command as the upload.
With the fact that pip no longer hits external URLs by default, I believe that the first item is no longer that large of a factor. People can do whatever they want on external URLs of course, however if something is coming from PyPI as end users should now be aware of, they can know it is immutable.
Now that there is twine, which allows uploading already created packages, I also believe that the second item is no longer a concern. People can easily create a distribution using ``setup.py sdist``, test it, and then upload that exact thing they tested using ``twine upload <path to sdist>``.
--- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig