[Distutils] Closing the Delete File + Re-upload File Loophole.

Donald Stufft donald at stufft.io
Sat Jan 24 18:31:35 CET 2015


I've pushed changes to PyPI where it is no longer possible to reuse a filename
and attempting to do it will give an 400 error that says:

    This filename has previously been used, you should use a different version.

This does NOT prevent authors from being allowed to delete files from PyPI,
however if a file is deleted from PyPI it cannot be re-uploaded again. This
means that if you upload say foobar-1.0.tar.gz, and your 1.0 has a mistake in
it then you *must* issue a new release to correct it.

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



More information about the Distutils-SIG mailing list