[New-bugs-announce] [issue40132] Mechanism to control who owns package names on PyPI?

ChrisRands report at bugs.python.org
Wed Apr 1 04:56:05 EDT 2020


New submission from ChrisRands <chrisrands0 at gmail.com>:

Not sure if this is the right place to mention this (apologies if not). Naturally, package names are unique, so when you run `pip install package-name` there is no ambiguity. However, this means that package names are limited and potentially valuable. Already there were some malicious users typosquatting famous package names (https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/), now fixed, but I'm more referring to the more general issue.

My guess is, if Python continues to grow in popularity, it is only a matter of time before some unhelpful folks decide to reserve generic package names (common words etc.) and there is a market for selling PyPI package names (like the situation with domain names now). Personally, I'm not sure this would be good for the Python community, but I don't know if there are (or could be) any solutions?

----------
messages: 365454
nosy: ChrisRands
priority: normal
severity: normal
status: open
title: Mechanism to control who owns package names on PyPI?

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40132>
_______________________________________

