[Catalog-sig] Proposal: close the PyPI file-replacement loophole
Ben Finney
ben+python at benfinney.id.au
Thu Feb 2 07:00:50 CET 2012
Richard Jones <richard at python.org> writes:
> Given it appears to be controversial, I'm just going to drop it. I
> just don't need the aggravation. PyPI can retain its ability to serve
> up potentially confusing file content.

+1 for refusing new uploads of different files served with old names.

Like it or not, PyPI is now a dependency system for applications, and
its API relies on filenames. I don't want the aggravation of a
dependency API that relies on filenames, but allows the same name to
serve a different file.

--
\ “Science and religion are incompatible in the same sense that |
`\ the serious pursuit of knowledge of reality is incompatible |
_o__) with bullshit.” —Paul Z. Myers, 2010-03-14 |
Ben Finney