[Distutils] RFC 2: PEP 541 - Package Index Name Retention

Chris Rose offline at offby1.net
Mon Jan 16 14:59:23 EST 2017

(copied from an email I erroneously sent to python-ideas@)

I want to address one gap in the PEP regarding reclaiming abandoned names:
Version reuse. The problem with reusing names is that existing applications
or installations that reference the old one, unless they pin the version
name precisely. Even in that case, I foresee issues with version collision,
especially if the abandoned project was well-versioned in the same model
(semver or otherwise) that the new project uses.

I'm deeply concerned by the idea of installer code suddenly picking up a
new project... with possibly different dependencies on its own, either with
old or clashing versions. I recognize it's going to be rare, but these
incidents will definitely impact the repeatability of builds depending on

I think the criteria for reuse of a name must include usage limits; if the
package is being downloaded on a steady basis by accounts that can't be
shown to belong to known integration systems, reuse should not be allowed.

Chris R.
Not to be taken literally, internally, or seriously.
Twitter: http://twitter.com/offby1