[Catalog-sig] [Proposal] Registered packages must provide the source code distribution on PyPI

P.J. Eby pje at telecommunity.com
Fri Jun 18 23:13:40 CEST 2010


At 12:01 PM 6/18/2010 -0500, Ian Bicking wrote:
>On Fri, Jun 18, 2010 at 11:47 AM, Mark Ramm 
><mark at geek.net> wrote:
>On Thu, Jun 17, 2010 at 5:41 PM, "Martin v. Löwis" 
><martin at v.loewis.de> wrote:
> >> It does?  I thought PyPI kept everything around (but hidden) unless the
> >> author went in and manually deleted old stuff.  You just need to go to a
> >> deep link, e.g., http://pypi.python.org/pypi/SomePackage/0.1
>
> >
> > Sure, but owners *do* manually delete old stuff.
>Am I wrong in remembering that old packages get dropped from the
>simple index?
>I'm not saying they get deleted from the server, but they are made
>unavailable to easy_install without special knowledge of how to get
>them.  So old packages can have requirements in setup.py which become
>unavailable for simple install.
>
>
>If you give pip or easy_install (or I assume buildout) a requirement 
>like Foo==0.1, then they will look at 
>http://pypi.python.org/simple/Foo/0.1,

easy_install doesn't do that, unless you explicitly add that URL via 
-f or --find-links.  Is that a feature you added in pip?


>and if the release is hidden that will still return the links for 
>that version of the package.  If you give a version like Foo<=0.1 
>then it won't work (assuming 0.1 is hidden), as there's no deep link 
>that either installer will look at.
>
>A weird case is that links in long_description in old releases will 
>show up regardless, so if you actually want to purge a link (e.g., 
>to a non-existent repository) then it requires editing all versions 
>of the package.  This might be unintentional.

It's at least consistent -- all URLs for all versions (whether hidden 
or not) show up when you access the packagewide page.

There was some discussion in the past about whether this was 
appropriate; IMO it's not, as it was an effective API change from the 
pre-/simple days.  Before, if a release was hidden, there was no way 
for easy_install to find it except via explicit -f usage.  Now, there 
is no way for an author to hide a release from automatic installation 
and still allow for manual installation.


