[Distutils] Proposal: Restrict the characters in a project name

Daniel Holth dholth at gmail.com
Wed May 15 05:56:13 CEST 2013

Surely it has to be Unicode. Why not reuse the python 3 identifier rules,
or just Unicode alphanumeric and underscore. Will miss the snowman.
On May 14, 2013 11:45 PM, "Donald Stufft" <donald at stufft.io> wrote:

> Currently PyPI allows a project name to contain basically any character
> except for a /. However most of the installation tooling doesn't not work
> with this wide of a namespace. It also opens up several avenues for
> spoofing attack where you trick people into copy and pasting an install
> command that looks like you're installing one package but you are really
> installing a different one.
> So I propose that moving forward that all projects/distributions are
> required to have names using only urlsafe characters. Specifically letters,
> decimal digits, hyphen, period, and underscore.
> Doing this would allow a better experience for people attempting to
> install packages, it would allow tool authors to test and make sure they
> can install all valid packages etc.
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> http://mail.python.org/mailman/listinfo/distutils-sig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130514/870bdab3/attachment.html>

More information about the Distutils-SIG mailing list