[Distutils] `setup.py register` can't create PyPI account.
tseaver at palladion.com
Tue Jul 13 02:32:07 CEST 2010
Tarek Ziadé wrote:
> 2010/7/13 "Martin v. Löwis" <martin at v.loewis.de>:
>>> Again, maybe it's flawed, and maybe we should remove it. But you cannot
>>> break this feature in Python 2.5, 26 etc.. because you find it flawed today.
>> And it's not the reason that I broke it. Instead, the reason is that the
>> PSF required me to make the change. I didn't even remember that this
>> would break distutils. Now that I think about it, I think it's distutils
>> that needs to get fixed going forward. For backwards compatibility, I'm
>> willing to accept solutions as long as they don't allow users to bypass
>> that checkbox.
> I understand why you did that change, and I understand the reasons.
> We also agree that Distutils needs to be fixed, and this is being
> worked out in Distutils2.
> But I strongly disagree that it's better to break existing Python
> versions to comply with the PSF legal policy. I think this is a
> mistake, and I think it's acceptable to bypass that policy in
> distutils. That policy didn't exist back then, so it makes perfect
> sense not to have it in Distutils.
The breakage you are talking about here is only for an *extremely rare*
case: a user runs 'setup.py register' without having first created an
account through the web UI. I think Martin is right, and that the fact
that it used to work was an undocumented misfeature (even a security hole).
Forcing people to register through the web in order to keep the usage
license enforced is a valid requirement: you can't just wish it away by
saying "We didn't use to have to do that."
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com