[Distutils] PyPi not allowing duplicate filenames

Nathaniel Smith njs at pobox.com
Wed Oct 14 19:36:31 CEST 2015


On Oct 14, 2015 10:04 AM, "Ionel Cristian Mărieș" <contact at ionelmc.ro>
wrote:
>
>
> On Wed, Oct 14, 2015 at 7:43 PM, Chris Barker <chris.barker at noaa.gov> wrote:
>>
>> some packages were unable to work with the postN suffix.
>
>
> Can you elaborate a bit more here?
>

Apparently some packages were making assumptions about the format of the
numpy.__version__ string, and having .postN in there caused errors when
they tried to process it. (It would be helpful if there were a little
permissively licensed standalone implementation of PEP 440 comparisons,
suitable for the "if pkg.version > ...:" checks that people insist on doing
-- I couldn't find one in some quick searches.)

IIUC, the specific problems numpy ran into that caused the creation of
.postN releases were:
- oops, didn't sign the uploads, re-upload identical file with proper
signature attached -> not allowed. (I'm not sure if these were embedded or
detached signatures. Either way it'd be nice if pypi allowed it, but for
embedded signatures in particular I can see how this might be a hassle.)
- our OS X maintainer tried to use twine to upload OS X wheels for the
existing release; instead it created a new release. Not sure if a bug was
filed on twine, but if not then one probably should be. As a workaround our
release docs now say "always upload wheels by hand using the web interface,
never use setup.py upload or twine".

My feeling is that pypi is correct to disallow the mutation of releases
once they become public, but that the ergonomics around this could probably
be improved :-). A more general solution that might be nice to have Someday
would be if you could upload a release in one step, and then get a private
link to poke at what was uploaded and make sure it looks correct, before
making it public in a second step.

CC'ing the release manager and OS X maintainer in question, in case I got
something wrong or more details are wanted...

-n
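
Added example, not part of the original message and not numpy's or PyPI's code: a sketch of the kind of standalone check the message asks for, showing why a `.postN` suffix breaks a naive integer split and how a PEP 440-aware sort key handles it. It covers only normalized public versions (no local `+tag` segment or alternate spellings); the function names and the version strings used with it are constructed for illustration.

```python
import re

# Normalized PEP 440 public versions only: [N!]N(.N)*[{a|b|rc}N][.postN][.devN]
_PEP440 = re.compile(
    r"^(?:(?P<epoch>\d+)!)?(?P<release>\d+(?:\.\d+)*)"
    r"(?:(?P<pre_l>a|b|rc)(?P<pre_n>\d+))?"
    r"(?:\.post(?P<post>\d+))?"
    r"(?:\.dev(?P<dev>\d+))?$"
)

def naive_key(version):
    """The fragile pattern: assumes every dot-separated field is an integer."""
    return tuple(int(part) for part in version.split("."))

def pep440_key(version):
    """Sort key for a normalized public PEP 440 version string."""
    m = _PEP440.match(version.strip())
    if m is None:
        raise ValueError("not a normalized PEP 440 public version: %r" % version)
    release = [int(p) for p in m.group("release").split(".")]
    while len(release) > 1 and release[-1] == 0:  # 1.9 compares equal to 1.9.0
        release.pop()
    post = m.group("post")
    dev = m.group("dev")
    if m.group("pre_l"):
        pre = (0, m.group("pre_l"), int(m.group("pre_n")))
    elif post is None and dev is not None:
        pre = (-1,)   # a bare .devN release sorts before any pre-release
    else:
        pre = (1,)    # final and post releases sort after any pre-release
    return (
        int(m.group("epoch") or 0),
        tuple(release),
        pre,
        -1 if post is None else int(post),          # no post segment < .post0
        float("inf") if dev is None else int(dev),  # .devN < no dev segment
    )

def at_least(installed, minimum):
    """True if `installed` is the same as or newer than `minimum`."""
    return pep440_key(installed) >= pep440_key(minimum)
```

A caller would write `at_least(pkg.__version__, "1.9.2")` in place of a hand-rolled string split, and treat `ValueError` as "unknown version" rather than letting it abort the import.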