[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Ben Finney ben+python at benfinney.id.au
Thu Feb 2 07:00:50 CET 2012

Richard Jones <richard at python.org> writes:

> Given it appears to be controversial, I'm just going to drop it. I
> just don't need the aggravation. PyPI can retain its ability to serve
> up potentially confusing file content.

+1 for refusing new uploads of different files served with old names.

Like it or not, PyPI is now a dependency system for applications, and
its API relies on filenames. I don't want the aggravation of a
dependency API that relies on filenames, but allows the same name to
serve a different file.

 \       “Science and religion are incompatible in the same sense that |
  `\       the serious pursuit of knowledge of reality is incompatible |
_o__)                       with bullshit.” —Paul Z. Myers, 2010-03-14 |
Ben Finney

More information about the Catalog-SIG mailing list