[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Robert Collins robertc at robertcollins.net
Mon Jan 30 00:59:09 CET 2012


On Mon, Jan 30, 2012 at 12:47 PM, Richard Jones <r1chardj0n3s at gmail.com> wrote:
> I'm considering closing this loophole by retaining a record of the
> uploaded file (though not the contents) so that future uploads with
> the same name wouldn't be allowed. I understand that this is how the
> ruby gem archive handles deletion of files.

Please allow for never-downloaded files to be replaced; or perhaps
some low threshold (like 2 or 3) downloads. Its handy when a bad
upload is made to just-fix-it.

-Rob


More information about the Catalog-SIG mailing list