[Catalog-sig] an immutable mirror of PyPI
Terry Reedy
tjreedy at udel.edu
Mon Jul 18 22:43:34 CEST 2011
On 7/16/2011 6:58 AM, Martijn Faassen wrote:
> Okay, so this scenario is possible:
>
> * developer of a popular package gets fed up for unknown reasons
>
> * removes his package from PyPI (not realizing the thing below)
>
> * someone else notices this and recreates the package maliciously

PyPI could prohibit the reuse of deleted package names.
If a name was 'retired' for legal reasons, then it should stay retired
anyway.
--
Terry Jan Reedy