[Distutils] RFC: PEP 541 - Package Index Name Retention

Lukasz Langa lukasz at langa.pl
Fri Jan 13 13:50:07 EST 2017

Thanks for review, Steve!

> On Jan 13, 2017, at 10:35 AM, Steve Dower <steve.dower at python.org> wrote:
> I don't see any reason to expect the index maintainers to trawl through a project's documentation or home page to find contact details. There are more than enough ways to provide it on the index, and as far as I'm concerned, no reason for uploaders to not provide one.

The reason of this is courtesy towards existing package owners who might not have conformed to the Author e-mail requirement because it wasn't explicitly formulated. I think the maintainers would try their best to reach the owner anyway, just to be sure there won't be any harm caused by changes.

>> An *abandoned* project can be transferred to a new owner for purposes
>> of reusing the name when ALL of the following are met:
>> ...
> The list here is nearly identical to the previous section

The "skin in the game" behavior is different.

>  it's not clear on reading why we need to list these twice.

It's a different case and I want to limit back-and-forth required by the readers (which is already necessary to parse the rules for abandoned projects).

> I would actually like to be able to name-squat for a period between a project being started and being released (particularly in my own context, I often need to keep a project private until it has been internally tested/reviewed/scanned and the lawyers have signed off, at which point it may require a new review if the name has to change).
> Presumably for a reachable uploader who can give an explanation, this won't result in the immediate loss of the name. But suggesting a time limit may help reduce support requests ("project is name squatting for at least 6 months" feels okay to me, but not wedded to it).

I don't want to suggest arbitrary limits on acceptable name squatting because this can be abused. As long as you squat and nobody calls you out on it before your first functional release, that's okay. If you squat on a great name and somebody comes along with an existing notable project wanting that name, the case it rather clear though.

> (As a semi-related aside, I'm currently squatting on the 'microsoft' and 'windows' packages for trademark protection reasons. They may never get any functionality, but that's better than someone else having the name. This sort of squatting doesn't necessarily need to be explicitly called out in policy, but maybe it's worth a mention?)

I wanted to avoid touching on trademark issues because IANAL.

- Ł

More information about the Distutils-SIG mailing list