[Numpy-discussion] NEP 36- fair play (was: request to remove the numpy-aarch64 package from PyPI)

Matti Picus matti.picus at gmail.com
Tue Jun 15 03:38:42 EDT 2021


On 14/6/21 11:03 pm, Stefan van der Walt wrote:
> On Sun, Jun 13, 2021, at 18:21, Charles R Harris wrote:
>>
>>
>> On Sun, Jun 13, 2021 at 10:47 AM Ralf Gommers <ralf.gommers at gmail.com> wrote:
>>
>>     FYI, I noticed this package that claimed to be maintained by us:
>>     https://pypi.org/project/numpy-aarch64/. That's not ours, so I
>>     tried to contact the author (no email provided, but guessed the
>>     same username on GitHub) and asked to remove it:
>>     https://github.com/tomasriv/DNA_Sequence/issues/1.
>>
>>     There are a very large number of packages with "numpy" in the
>>     name on PyPI, and there's no way we can audit/police that
>>     effectively, but if it's a rebuild that pretends like it's
>>     official then I think it's worth doing something about. It could
>>     contain malicious code for all we know.
>>
>>
>> That is a pretty misleading package description, would have fooled me 
>> if I didn't know better. I didn't get the impression it was 
>> malicious, but still . . .
>
> Maybe now is a good time to move to accept:
>
> https://numpy.org/neps/nep-0036-fair-play.html
>
> Stéfan


Having just re-read the NEP, I think the Motivation section should 
mention name re-use: "Additionally, we wish to reduce confusion when 
package names imply they are sanctioned or maintained by NumPy". Other 
than that it looks good to me. Do you want to make a PR to add the 
discussion and change the status, and notify the list of your intention 
to accept it?


Matti


