[Catalog-sig] remove historic download/homepage links for a project

Ronald Oussoren ronaldoussoren at mac.com
Fri Mar 1 08:09:52 CET 2013


On 1 Mar, 2013, at 4:08, Tres Seaver <tseaver at palladion.com> wrote:

> 
> On 02/28/2013 06:21 PM, Richard Jones wrote:
>> On 1 March 2013 04:10, Tres Seaver <tseaver at palladion.com> wrote:
>>> 
>>> On 02/28/2013 11:27 AM, Ronald Oussoren wrote:
>>> 
>>>> But necessary to have. Or am I the only one that accidentally released
>>>> a version that had serious bugs?
>>> 
>>> Nope.  The way to address such a version is to release a new, fixed 
>>> version (preferably one with a suitably-PEP-compliant version which 
>>> indicates the version being corrected).  The only legitimate reason
>>> to yank a release is that you are under legal compulsion to do so
>>> (a takedown notice or equivalent), or you discover that the version
>>> released has been trojaned in some way.
>> 
>> You may have listed the only reason *you will allow* but the owner of 
>> the package can do whatever they want. You're correct that once the 
>> package is "out in the wild" you can't get all those copies back, but 
>> they can (for whatever reason they have and no, I'm not going to 
>> needlessly speculate) remove it from PyPI. You have no legal or moral 
>> right to compel them to do otherwise.
> 
> I wasn't claiming any right:  I was arguing that anybody who shares
> software with the community does the community a disservice by removing a
> release because it "has serious bugs."  Brown-bag releases happen:  an
> open source community repairs the damage from them by making new
> releases, not by covering them up.

I luckily haven't run into this with software I release on PyPI yet, but sometimes
pulling back an update while working on a fix is the responsible thing to do. 

<snark>
You must be living in some other community than I do, I usually get to fix
my own bugs.
</snark>

Ronald

> 
> 
> Tres.
> - -- 
> ===================================================================
> Tres Seaver          +1 540-429-0999          tseaver at palladion.com
> Palladion Software   "Excellence by Design"    http://palladion.com
> 


