[Catalog-sig] remove historic download/homepage links for a project
Tres Seaver
tseaver at palladion.com
Fri Mar 1 04:08:34 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/28/2013 06:21 PM, Richard Jones wrote:
> On 1 March 2013 04:10, Tres Seaver <tseaver at palladion.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 02/28/2013 11:27 AM, Ronald Oussoren wrote:
>>
>>> But necessary to have. Or am the only one that accidently released
>>> a version that had serious bugs?
>>
>> Nope. The way to address such a version is to release a new, fixed
>> version (preferably one with a suitably-PEP-compliant version which
>> indicates the version being corrected). The only legitimate reason
>> to yank a release is that you are under legal compulsion to do so
>> (a takedown notice or equivalent), or you discover that the version
>> released has been trojaned in some way.
>
> You may have listed the only reason *you will allow* but the owner of
> the package can do whatever they want. You're correct that once the
> package is "out in the wild" you can't get all those copies back, but
> they can (for whatever reason they have and no, I'm not going to
> needlessly speculate) remove it from PyPI. You have no legal or moral
> right to compel them to do otherwise.
I wasn't claiming any right: I was arguing that anybody who shares
software with the community does the community a disservice by removing a
release because it "has serious bugs." Brown-bag releases happen: ab
open source community repairs the damage from them by making new
releases, not by covering them up.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlEwG7IACgkQ+gerLs4ltQ6RCACggZ38+vBTCXGlnwtm/mrmvkCp
370An1S6hQJkmJBVFQ5dkO+XeElkUPuj
=zjAd
-----END PGP SIGNATURE-----
More information about the Catalog-SIG
mailing list