[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

Ian Bicking ianb at colorstudy.com
Fri Jun 18 19:01:48 CEST 2010

On Fri, Jun 18, 2010 at 11:47 AM, Mark Ramm <mark at geek.net> wrote:

> On Thu, Jun 17, 2010 at 5:41 PM, "Martin v. Löwis" <martin at v.loewis.de>
> wrote:
> >> It does?  I thought PyPI kept everything around (but hidden) unless the
> >> author went in and manually deleted old stuff.  You just need to go to a
> >> deep link, e.g., http://pypi.python.org/pypi/SomePackage/0.1
> >
> > Sure, but owners *do* manually delete old stuff.
> Am I wrong in remembering that old packages get dropped from the
> simple index?
> I'm not saying they get deleted from the server, but they are made
> unavailable to easy_install without special knowledge of how to get
> them,   So old packages can have requirements in setup.py which become
> unavailable  for simple install.

If you give pip or easy_install (or I assume buildout) a requirement like
Foo==0.1, then they will look at http://pypi.python.org/simple/Foo/0.1, and
if the release is hidden that will still return the links for that version
of the package.  If you give a version like Foo<=0.1 then it won't work
(assuming 0.1 is hidden), as there's no deep link that either installer will
look at.

A weird case is that links in long_description in old releases will show up
regardless, so if you actually want to purge a link (e.g., to a non-existent
repository) then it require editing all versions of the package.  This might
be unintentional.

Ian Bicking  |  http://blog.ianbicking.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20100618/20c0b20e/attachment.html>

More information about the Catalog-SIG mailing list