[Distutils] PyPI abuse

tritium-list at sdamon.com tritium-list at sdamon.com
Tue Apr 11 04:41:12 EDT 2017


Playing devil's advocate here, do we put a value judgement on the content of a module on PyPI, even if that content is limited to a single function that just prints?  What does that mean for something like a 'metapackage' (a package on PyPI that has no content, and exists only to install other modules - like a project that has been modularized into other packages on PyPI)?  I think this should be handled on a case-by-case basis, where someone else comes along wanting to use a name currently being used by one of these obvious placeholders.

That said, this looks sketchy, and I would not be shocked to find these names being held hostage on some auction site somewhere.  If that is the case, burninate them.

> -----Original Message-----
> From: Distutils-SIG [mailto:distutils-sig-bounces+tritium-
> list=sdamon.com at python.org] On Behalf Of Lele Gaifax
> Sent: Monday, April 10, 2017 7:10 PM
> To: Distutils-Sig at Python.Org
> Subject: [Distutils] PyPI abuse
> 
> Hi all,
> 
> I know it's been debated here whether there should be some kind of filtering
> on uploaded packages on PyPI, but today someone, either an automated tool or a
> silly guy, started to upload dozens of "Xxx 0.1.0" where "Xxx" is some
> "surname"; here is the latest variant: https://pypi.python.org/pypi/Lykov/0.1.0
> 
> Is there something that can/should be done to stop it?
> 
> Thank you,
> ciao, lele.
> --
> nickname: Lele Gaifax | When I live off what I thought yesterday,
> real: Emanuele Gaifas | I will begin to fear those who copy me.
> lele at metapensiero.it  |                 -- Fortunato Depero, 1929.