[Catalog-sig] Allowing the upload of .py files at PyPI

[PJ Eby]

On Thu, Feb 14, 2013 at 6:31 PM, Richard Jones <richard at python.org> wrote:
> The bootstrap.py file would most likely have to be omitted from the
> usual files listing mechanisms as they are used to determine
> installable release packages.

I would feel more comfortable with the proposed mechanism if it
allowed the .py files to retain their original names.  There is a ton
of collateral out there referring people to ez_setup.py, and while I
can (and will) redirect the original URL to wherever it ends up, it'd
be less confusing to keep the name.

Among other things, it would help prevent the sort of phishing attack
where somebody represents *their* ez_setup.py script as the real deal,
while saying that setuptools/bootstrap.py is an obvious forgery, since
it's not named ez_setup.py.  ;-)