[Distutils] `setup.py register` can't create PyPI account.

Tres Seaver tseaver at palladion.com
Tue Jul 13 02:32:07 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tarek Ziadé wrote:
> 2010/7/13 "Martin v. Löwis" <martin at v.loewis.de>:
> ...
>>> Again, maybe it's flawed, and maybe we should remove it. But you cannot
>>> break this feature in Python 2.5, 26 etc.. because you find it flawed today.
>> And it's not the reason that I broke it. Instead, the reason is that the
>> PSF required me to make the change. I didn't even remember that this
>> would break distutils. Now that I think about it, I think it's distutils
>> that needs to get fixed going forward. For backwards compatibility, I'm
>> willing to accept solutions as long as they don't allow users to bypass
>> that checkbox.
> 
> I understand why you did that change, and I understand the reasons.
> We also agree that Distutils needs to be fixed, and this is being
> worked out in Distutils2.
> 
> But I strongly disagree that its better to break existing Python
> versions to comply with the PSF legal policy. I think this is a
> mistake, and I think it's acceptable to bypass that policy in
> distutils. That policy didn't exist back then, so it makes perfectly
> sense not to have it in Distutils.

The breakage you are talking about here is only for an *extremely rare*
case:  a user rund 'setup.py register' without having first created an
account through the web UI.  I think Martin is right, and that the fact
that it used to work was an undocumented misfeature (even a security hole).

Forcing people to register through the web in order to keep the usage
license enforced is a valid requirement:  you can't just wish it away by
saying "We didn't use to have to do that."


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkw7tAEACgkQ+gerLs4ltQ6NKgCgsE7+kOdMghuqSiI38Voq3cUH
WW4AoKyx35Cbr+zEtZZ1JPYSHvSJA8Ir
=yPiO
-----END PGP SIGNATURE-----



More information about the Distutils-SIG mailing list