[Catalog-sig] remove historic download/homepage links for a project
Richard Jones
richard at python.org
Fri Mar 1 00:21:59 CET 2013
On 1 March 2013 04:10, Tres Seaver <tseaver at palladion.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/28/2013 11:27 AM, Ronald Oussoren wrote:
>
>> But necessary to have. Or am the only one that accidently released a
>> version that had serious bugs?
>
> Nope. The way to address such a version is to release a new, fixed
> version (preferably one with a suitably-PEP-compliant version which
> indicates the version being corrected). The only legitimate reason to
> yank a release is that you are under legal compulsion to do so (a
> takedown notice or equivalent), or you discover that the version released
> has been trojaned in some way.
You may have listed the only reason *you will allow* but the owner of
the package can do whatever they want. You're correct that once the
package is "out in the wild" you can't get all those copies back, but
they can (for whatever reason they have and no, I'm not going to
needlessly speculate) remove it from PyPI. You have no legal or moral
right to compel them to do otherwise.
Richard
More information about the Catalog-SIG
mailing list