[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Andreas Jung lists at zopyx.com
Thu Jun 17 09:09:55 CEST 2010

Hash: SHA1

Martin v. Löwis wrote:
>> I propose a policy change for packages registered with PyPI:
>>   - packages registered on PyPI have at least one release
>>   - one release of registered package on PyPI _must_ contain
>>     a valid source code distribution (sdist)
>>   - packages registered on PyPI without releases or without
>>     source code release are subject to be removed after N days
>>     after the day of registration
> So how would you implement that policy change? Please propose a phased
> approach, that gives affected people plenty of options to intervene if
> they disagree with the policy.

It should be fairly easy to figure out affected packages through some
DB query (in fact a similar functionality is already implemented on top
of the XMLRPC API in my zopyx.trashfinder package).

For such packages: send out an email to the package maintainer informing
him about the problem and instructing him to fix the problem within N days.

After N days: recheck the package state and unregister the package if

Or perhaps a less rude approach: introduce status field for each package
(ACTIVE/INACTIVE) and set the state to INACTIVE when the package does
not comply with this policy. Inactive packages won't be listed on PyPI
and won't be searchable on PyPI. Inactive status should be visible
to the author (in logged-in state) with some warning "Package is
inactive..please upload your sdist....).


Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20100617/6afb8191/attachment.vcf>

More information about the Catalog-SIG mailing list