[Distutils] RFC 2: PEP 541 - Package Index Name Retention

Chris Rose offline at offby1.net
Mon Jan 16 17:02:38 EST 2017


That depends on policy. I don't want to go too far down the trap of
privileging my specific use case, but as a company that vendors
*everything* we depend on, our accesses to PyPi for dependencies are pretty
rare, which means we might run afoul of these changes when ingesting
packages.

I'm going to ask the pointed question: is there actually any serious value
to allowing the replacement of a name for anything that was ever in wide
usage? Trademark violations notwithstanding -- legal stuff requires some
degree of exception to the process -- why should abandonment result in
replacement, as long as the existing code has ever been in use?

On Mon, Jan 16, 2017 at 1:58 PM, Matthias Bussonnier <
bussonniermatthias at gmail.com> wrote:

> On Mon, Jan 16, 2017 at 1:18 PM, Chris Rose <offline at offby1.net> wrote:
> > The tricky part there is that "being used" is a tough concept to define.
> > Over what time period? What amount of downloading counts as "used"?
> >
> > I believe these concepts need to be made very clear, because the impact
> of
> > exploitative replacement is pretty severe if it is made to happen.
> >
>
> Would a month  where the old package is made unavailable, but the new
> owner is not given access yet be a good compromise ?
>
> It most likely let time the old owner (or old users) to manifest a
> decide to "revive" the package if necessary, otherwise give a really
> strong signal that if there is still a couple of download, then it
> really does not breaks a lot.
> --
> M
>



-- 
Chris R.
======
Not to be taken literally, internally, or seriously.
Twitter: http://twitter.com/offby1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20170116/22ea0b2f/attachment-0001.html>


More information about the Distutils-SIG mailing list