[Distutils] RFC: PEP 541 - Package Index Name Retention

Steve Dower steve.dower at python.org
Fri Jan 13 13:35:56 EST 2017

Looks great to me. Just a few comments that may help reduce the burden 
on the index maintainers.

On 13Jan2017 1008, Lukasz Langa wrote:
> In every case where contacting the user is necessary,
> the maintainers will try to do so at least three times, using the
> following means of contact:
> * the e-mail address on file in the user's profile on the Package Index;
> * the e-mail address listed in the Author field for a given project
>   uploaded to the Index; and
> * any e-mail addresses found in the given project's documentation
>   on the Index or on the listed Home Page.
> The maintainers stop trying to reach the user after six weeks.

I don't see any reason to expect the index maintainers to trawl through 
a project's documentation or home page to find contact details. There 
are more than enough ways to provide it on the index, and as far as I'm 
concerned, no reason for uploaders to not provide one.

> An *abandoned* project can be transferred to a new owner for purposes
> of reusing the name when ALL of the following are met:
> ...

The list here is nearly identical to the previous section, apart from 
the added data point of download count (which is good!), and it's not 
clear on reading why we need to list these twice.

> Invalid projects
> ----------------
> A project published on the Package Index meeting ANY of the following
> is considered invalid and will be removed from the Index:
> ...
> * project is name squatting (package has no functionality or is
>   empty);
> ...
> If you find a project that might be considered invalid, create
> a support request [7]_.

I would actually like to be able to name-squat for a period between a 
project being started and being released (particularly in my own 
context, I often need to keep a project private until it has been 
internally tested/reviewed/scanned and the lawyers have signed off, at 
which point it may require a new review if the name has to change).

Presumably for a reachable uploader who can give an explanation, this 
won't result in the immediate loss of the name. But suggesting a time 
limit may help reduce support requests ("project is name squatting for 
at least 6 months" feels okay to me, but not wedded to it).

(As a semi-related aside, I'm currently squatting on the 'microsoft' and 
'windows' packages for trademark protection reasons. They may never get 
any functionality, but that's better than someone else having the name. 
This sort of squatting doesn't necessarily need to be explicitly called 
out in policy, but maybe it's worth a mention?)


More information about the Distutils-SIG mailing list