[Distutils] PyPi not allowing duplicate filenames

Donald Stufft donald at stufft.io
Wed Oct 14 22:04:54 CEST 2015

On October 14, 2015 at 3:58:52 PM, Chris Barker (chris.barker at noaa.gov) wrote:
> On Wed, Oct 14, 2015 at 9:56 AM, Dave Forgac wrote:
> > This was discussed recently here:
> > https://github.com/pypa/packaging-problems/issues/74
> >
> and on this list at other times. Though the above issue was pretty focused
> on restoring a deleted file without any changes -- which seems like a
> no-brainer to me, as long as someone wants to put the effort into the
> infrastructure.
> (the soft delete option seems like a good idea to me).

I plan on implementing a soft delete in Warehouse.

> But I'm talking about the cases of "whoops! I really wish I hadn't uploaded
> that one". We can improve the tooling (some discussion on this in this
> thread right now...), but people are people and some of us are stupid
> and/or careless. So this WILL happen.
> And it just seems pedantic to say: hey -- you've already put that one there
> -- maybe even two minutes ago, so there is NO WAY to fix your mistake. If
> it happens quickly, then no one has downloaded it, it hasn't made its way
> to the mirrors, etc…

Generally within 60-120 seconds it’s available in mirrors (most of them resync once a minute). If anyone has downloaded it then they will have pretty much permanently cached the package, first in the download cache and then again in the wheel cache (assuming it wasn’t a wheel already, and they had that enabled). The original package was NumPy. It had 30,982 downloads in the last day, so we can average that out to 1290 downloads an hour or 21 downloads a minute. If it takes you two minutes to notice it and delete it, then there are ~40 people who already have the original version cached and who will not notice the updated version.

Version numbers are free, use more of them. If you can’t just issue new releases quickly, then test your release before you upload it (and then upload it with twine) and you can even upload it to Test PyPI to test things earlier than that.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
