[Distutils] Immutable Files on PyPI

Ian Cordasco graffatcolmingov at gmail.com
Mon Sep 29 04:26:41 CEST 2014


+1 I know I abused this a couple times a couple years ago, but it
bothered me that I could. It also worried me because if my account
were ever compromised, someone could release malware under files named
exactly the same as my real released software. This won't prevent them
from deleting those other versions and uploading something new, but it
will provide a small bit of extra assurance.

On Sun, Sep 28, 2014 at 7:23 PM, Marcus Smith <qwcode at gmail.com> wrote:
>
>>
>> > It does happen that files need to be reuploaded because of a bug
>> > in the release process and how people manage their code is really
>> > *their* business, not that of PyPI.
>>
>> It's not just the business of the package authors, because as soon as it's
>> uploaded it's visible to users, and swapping it out from under their feet
>> is a crummy thing to do.
>
>
> agreed,  +1 to the proposal.

