[Catalog-sig] remove historic download/homepage links for a project
ronaldoussoren at mac.com
Fri Mar 1 08:09:52 CET 2013
On 1 Mar, 2013, at 4:08, Tres Seaver <tseaver at palladion.com> wrote:
> On 02/28/2013 06:21 PM, Richard Jones wrote:
>> On 1 March 2013 04:10, Tres Seaver <tseaver at palladion.com> wrote:
>>> On 02/28/2013 11:27 AM, Ronald Oussoren wrote:
>>>> But necessary to have. Or am I the only one that accidentally released
>>>> a version that had serious bugs?
>>> Nope. The way to address such a version is to release a new, fixed
>>> version (preferably one with a suitably-PEP-compliant version which
>>> indicates the version being corrected). The only legitimate reason
>>> to yank a release is that you are under legal compulsion to do so
>>> (a takedown notice or equivalent), or you discover that the version
>>> released has been trojaned in some way.
>> You may have listed the only reason *you will allow* but the owner of
>> the package can do whatever they want. You're correct that once the
>> package is "out in the wild" you can't get all those copies back, but
>> they can (for whatever reason they have and no, I'm not going to
>> needlessly speculate) remove it from PyPI. You have no legal or moral
>> right to compel them to do otherwise.
> I wasn't claiming any right: I was arguing that anybody who shares
> software with the community does the community a disservice by removing a
> release because it "has serious bugs." Brown-bag releases happen: an
> open source community repairs the damage from them by making new
> releases, not by covering them up.
I luckily haven't run into this with software I release on PyPI yet, but sometimes
pulling back an update while working on a fix is the responsible thing to do.
You must be living in some other community than I do, I usually get to fix
my own bugs.
> --
> Tres Seaver +1 540-429-0999 tseaver at palladion.com
> Palladion Software "Excellence by Design" http://palladion.com