[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Richard Jones r1chardj0n3s at gmail.com
Mon Jan 30 08:10:50 CET 2012


This has been discussed previously (see the mailing list archive.) As a
matter of policy we will always allow users to delete their content from
pypi.
On Jan 30, 2012 5:26 PM, "Thomas Lotze" <thomas at thomas-lotze.de> wrote:

> Richard Jones wrote:
>
> > I'm considering closing this loophole by retaining a record of the
> > uploaded file (though not the contents) so that future uploads with the
> > same name wouldn't be allowed. I understand that this is how the ruby gem
> > archive handles deletion of files.
>
> I'd even suggest disallowing to delete files in the first place and
> retain them including their contents. I regularly see trouble arising from
> files having been deleted from PyPI that are needed even after their
> authors considered them obsolete. This may simply be due to version
> pinning in some application deployment or similar.
>
> --
> Thomas
>
>
>
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20120130/0dc8425d/attachment-0001.html>


More information about the Catalog-SIG mailing list