[Catalog-sig] Proposal: close the PyPI file-replacement loophole
r1chardj0n3s at gmail.com
Mon Jan 30 08:10:50 CET 2012
This has been discussed previously (see the mailing list archive.) As a
matter of policy we will always allow users to delete their content from
On Jan 30, 2012 5:26 PM, "Thomas Lotze" <thomas at thomas-lotze.de> wrote:
> Richard Jones wrote:
> > I'm considering closing this loophole by retaining a record of the
> > uploaded file (though not the contents) so that future uploads with the
> > same name wouldn't be allowed. I understand that this is how the ruby gem
> > archive handles deletion of files.
> I'd even suggest disallowing to delete files in the first place and
> retain them including their contents. I regularly see trouble arising from
> files having been deleted from PyPI that are needed even after their
> authors considered them obsolete. This may simply be due to version
> pinning in some application deployment or similar.
> Catalog-SIG mailing list
> Catalog-SIG at python.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Catalog-SIG