[Catalog-sig] PyPI's external packages
Richard Jones
richard at python.org
Sat May 14 07:48:47 CEST 2011

On 13 May 2011 21:49, <exarkun at twistedmatrix.com> wrote:
> On 06:35 am, richard at python.org wrote:
> There was one that I couldn't upload. I never figured out why, I just gave
> up on trying to distribute that file. Learning about file format type byte
> headers is also too high a barrier.

You shouldn't need to if it was produced by distutils. A file rejected
in this way is a bug in PyPI.

>> I do not believe we should allow uploading of arbitrary content as
>> packages to PyPI.
>
> I'm not suggesting this.

OK, I misunderstood.

>>
>> [snip]
>>>
>>> Plus, if I really want to dump garbage onto PyPI, then I can still
>>> use the web interface. Making uploading inconvenient isn't a
>>> strategy for keeping trouble away.
>>
>> The web form for uploading packages is subject to the same file
>> legitimacy tests as the distutils upload command. They both use the
>> same HTTP call on PyPI.
>
> I don't think you understood what I was saying. The fact that the server
> imposes these checks is exactly why letting a user specify any file to
> "setup.py upload" is fine. The server can always reject it if it wants to.

Yep, I understand your point now.

Richard