[Distutils] `setup.py register` can't create PyPI account.

"Martin v. Löwis" martin at v.loewis.de
Tue Jul 13 00:47:37 CEST 2010


> Your change in the PyPI UI has broken the register command in
> Distutils for Python 2.5 and onward.

Correct. Actually, older versions are also broken, back to 2.3.

> If this legal issue is to be applied to *all* existing Python version
> *immediatly*, we should create a security patch for all versions.

I disagree - that's not a security threat.

> No, because this is how it works in Python 2.5, 2.6, 2.7, 3.1
> Again, the command is now broken because you have added a checkbox in PyPI.

I fully understand that. However, changing PyPI to remove that checkbox
under certain conditions is not an option.

> This change is not a bad thing, don't get me wrong. But if you enforce
> it for all Python versions, you basically break this feature.

Correct.

> The urllib2 user agent has the Python version in it. I suggest that
> you bypass this change,
> for all existing Python versions, and introduce it for Python 3.2

Unfortunately, that's just not acceptable.

> But the PSF didn't tell you to break existing Python versions. I think
> we need to find a better solution here.

Sure. However, bypassing the checkbox is not an option.

How about this: we issue a 401 error response, telling users to register
over the web? IIUC, distutils will display this message.

> Again, maybe it's flawed, and maybe we should remove it. But you cannot
> break this feature in Python 2.5, 26 etc.. because you find it flawed today.

And it's not the reason that I broke it. Instead, the reason is that the
PSF required me to make the change. I didn't even remember that this
would break distutils. Now that I think about it, I think it's distutils
that needs to get fixed going forward. For backwards compatibility, I'm
willing to accept solutions as long as they don't allow users to bypass
that checkbox.

Regards,
Martin


More information about the Distutils-SIG mailing list