[Distutils] PyPi not allowing duplicate filenames

Nathaniel Smith njs at pobox.com
Wed Oct 14 23:17:18 CEST 2015


On Oct 14, 2015 1:55 PM, "Glyph Lefkowitz" <glyph at twistedmatrix.com> wrote:
>
>
>> On Oct 14, 2015, at 10:36 AM, Nathaniel Smith <njs at pobox.com> wrote:
>>
>> My feeling is that pypi is correct to disallow the mutation of releases
>> once they become public, but that the ergonomics around this could probably
>> be improved :-). A more general solution that might be nice to have Someday
>> would be if you could upload a release in one step, and then get a private
>> link to poke at what was uploaded and make sure it looks correct, before
>> making it public in a second step.
>
> IMHO it would be really neat if 'pip' could authenticate to PyPI, and the
> authentication could affect package visibility, so that you could
> end-to-end test 'pip install foo' and ensure that you get what you expect
> before pushing the go-live switch.

The slick way to do this would be to provide a private index URL that gives
you a view of what pypi would look like after your release goes live, and
could be used like

pip install --index-url https://pypi.python.org/tmp/foo/acd1538afe267/ foo

That way you skip all the issues of adding an authentication system to pip,
plus get a URL that you can pass around to other people ("hey #twisted, can
someone who's on Windows test the new release? Just type: ...")

You'd want to expire these after some time to prevent them being abused as
private package indices for proprietary software, but that's easy enough.

@Donald: is there somewhere we should be filing these warehouse wish list
things so they don't get lost? :-)

-n