![](https://secure.gravatar.com/avatar/96dd777e397ab128fedab46af97a3a4a.jpg?s=120&d=mm&r=g)
Hi All, I just got through deleting a bunch of pre-releases on PyPi and it occurred to me that we should have a policy as to what releases should be kept. I think that reproducibility requires that we keep all the major and micro versions, but if so, we should make that an official guarantee. Perhaps a short NEP? This might even qualify for an SPEC. Thoughts? Chuck
![](https://secure.gravatar.com/avatar/d9ac9213ada4a807322f99081296784b.jpg?s=120&d=mm&r=g)
Hi Chuck, On Tue, Sep 3, 2024, at 08:18, Charles R Harris wrote:
I just got through deleting a bunch of pre-releases on PyPi and it occurred to me that we should have a policy as to what releases should be kept. I think that reproducibility requires that we keep all the major and micro versions, but if so, we should make that an official guarantee. Perhaps a short NEP? This might even qualify for an SPEC. Thoughts?
That sounds right to me: keep any versions that aren't expressly targeted for testing (rc's, beta's, etc.). We still have the GitHub tags for those, should developers want to reproduce them. Stéfan
![](https://secure.gravatar.com/avatar/48f28dc74ffa851aab0ebcbf2afe1302.jpg?s=120&d=mm&r=g)
Hi Chuck, I've got a version of a package on PyPI that requires Numpy 2.0.0rc1 at build time. Not the best decision in hindsight, but I assumed that Numpy was the kind of project that wouldn't remove published distributions unless there were security issues. It had not up today, right? Would it be possible to restore 2.0.0rc1? On Tue, Sep 3, 2024 at 9:20 AM Charles R Harris <charlesr.harris@gmail.com> wrote:
-- Sean Gillies
![](https://secure.gravatar.com/avatar/96dd777e397ab128fedab46af97a3a4a.jpg?s=120&d=mm&r=g)
On Tue, Sep 3, 2024 at 10:46 AM Sean Gillies <sean.gillies@gmail.com> wrote:
No. Once deleted it is always deleted, that is enforced by PyPi. I do plan to keep the latest rc versions around for a while because some folks may still be testing against them, but stable releases should not be built against them. Making that explicit should help avoid problems in the future. The reason I deleted what I did was to keep our PyPi disk usage down, it is currently about 30 GB, with an upper limit of 40 GB. We have 52 wheels and one sdist for the 2.,1.1 release, and that will go up when we start having wheels for WASM and Microsoft arm64. I did delete a bunch before when we hit the disk limit. Sorry about that, I should have posted before deleting. HIndsight and all that ... Chuck
![](https://secure.gravatar.com/avatar/72f994ca072df3a3d2c3db8a137790fd.jpg?s=120&d=mm&r=g)
I would prefer we never delete packages once we upload them to PyPI, unless there are security issues with them. As Sean demonstrated, someone somewhere is going to be using them, and deleting packages will inevitably break something. Matti On Tue, Sep 3, 2024 at 7:44 PM Sean Gillies <sean.gillies@gmail.com> wrote:
![](https://secure.gravatar.com/avatar/5f88830d19f9c83e2ddfd913496c5025.jpg?s=120&d=mm&r=g)
On Tue, Sep 3, 2024 at 7:53 PM Peter Cock via NumPy-Discussion < numpy-discussion@python.org> wrote:
The only reason we deleted pre-releases in the past is for space limit constraints (PyPI has a serious issue with approving limit increase requests). We may have to do that again, but shouldn't delete anything less than 2 years old. I've always kept the last 2 years of pre-releases as well as the 1.0 pre-releases which are of historical interest. Cheers, Ralf
![](https://secure.gravatar.com/avatar/d9ac9213ada4a807322f99081296784b.jpg?s=120&d=mm&r=g)
Hi Chuck, On Tue, Sep 3, 2024, at 08:18, Charles R Harris wrote:
I just got through deleting a bunch of pre-releases on PyPi and it occurred to me that we should have a policy as to what releases should be kept. I think that reproducibility requires that we keep all the major and micro versions, but if so, we should make that an official guarantee. Perhaps a short NEP? This might even qualify for an SPEC. Thoughts?
That sounds right to me: keep any versions that aren't expressly targeted for testing (rc's, beta's, etc.). We still have the GitHub tags for those, should developers want to reproduce them. Stéfan
![](https://secure.gravatar.com/avatar/48f28dc74ffa851aab0ebcbf2afe1302.jpg?s=120&d=mm&r=g)
Hi Chuck, I've got a version of a package on PyPI that requires Numpy 2.0.0rc1 at build time. Not the best decision in hindsight, but I assumed that Numpy was the kind of project that wouldn't remove published distributions unless there were security issues. It had not up today, right? Would it be possible to restore 2.0.0rc1? On Tue, Sep 3, 2024 at 9:20 AM Charles R Harris <charlesr.harris@gmail.com> wrote:
-- Sean Gillies
![](https://secure.gravatar.com/avatar/96dd777e397ab128fedab46af97a3a4a.jpg?s=120&d=mm&r=g)
On Tue, Sep 3, 2024 at 10:46 AM Sean Gillies <sean.gillies@gmail.com> wrote:
No. Once deleted it is always deleted, that is enforced by PyPi. I do plan to keep the latest rc versions around for a while because some folks may still be testing against them, but stable releases should not be built against them. Making that explicit should help avoid problems in the future. The reason I deleted what I did was to keep our PyPi disk usage down, it is currently about 30 GB, with an upper limit of 40 GB. We have 52 wheels and one sdist for the 2.,1.1 release, and that will go up when we start having wheels for WASM and Microsoft arm64. I did delete a bunch before when we hit the disk limit. Sorry about that, I should have posted before deleting. HIndsight and all that ... Chuck
![](https://secure.gravatar.com/avatar/72f994ca072df3a3d2c3db8a137790fd.jpg?s=120&d=mm&r=g)
I would prefer we never delete packages once we upload them to PyPI, unless there are security issues with them. As Sean demonstrated, someone somewhere is going to be using them, and deleting packages will inevitably break something. Matti On Tue, Sep 3, 2024 at 7:44 PM Sean Gillies <sean.gillies@gmail.com> wrote:
![](https://secure.gravatar.com/avatar/5f88830d19f9c83e2ddfd913496c5025.jpg?s=120&d=mm&r=g)
On Tue, Sep 3, 2024 at 7:53 PM Peter Cock via NumPy-Discussion < numpy-discussion@python.org> wrote:
The only reason we deleted pre-releases in the past is for space limit constraints (PyPI has a serious issue with approving limit increase requests). We may have to do that again, but shouldn't delete anything less than 2 years old. I've always kept the last 2 years of pre-releases as well as the 1.0 pre-releases which are of historical interest. Cheers, Ralf
participants (6)
-
Charles R Harris
-
matti picus
-
Peter Cock
-
Ralf Gommers
-
Sean Gillies
-
Stefan van der Walt