[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Andreas Jung lists at zopyx.com
Thu Jun 17 18:53:41 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ronald Oussoren wrote:
> 
> On 17 Jun, 2010, at 13:20, Patrick Gerken wrote:
>>
>>
>>     Please have a look at the package in question. The only problem
>>     with it is that the download URL registered on PyPI no longer works.
>>     It redirects to the download page where you can find the source
>>     distribution.
>>
>>
>> And thats exactly what Andreas' argument is targeting.
>>  
> 
> Note that even a requirement to upload a package to PyPI won't reliably
> solve Andreas' problem, the package owner could remove a release or even
> the entire package.  

Released is released. There are only very few cases where one should be
allowed to remove packages (e.g. containing viruses, malware etc.).
Otherwise released stuff must not be touched.

- -aj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwaUxUACgkQCJIWIbr9KYxmnACaAwDSSRLdU4wViW+Bql6sKMmt
XXkAoLSsgw7A5BIizfZcEqM9WxqnT2+C
=j+F8
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20100617/d6906180/attachment.vcf>


More information about the Catalog-SIG mailing list