[Python-Dev] Edits to Metadata 1.2 to add extras (optional dependencies)

"Martin v. Löwis" martin at v.loewis.de
Tue Aug 28 18:47:16 CEST 2012


On 28.08.12 18:27, R. David Murray wrote:
 > The problem Donald is asking about is:  the old registration expires,
 > and a *new* registration is entered with a different meaning, but
 > packages still exist on PyPI that have the key with the old meaning.
 > That seems likely to happen in practice.  Or if it doesn't, then
 > allowing for the recycling of names probably isn't important.

Let me retry answering the question: Expiration *is* important in
the case the key was just registered and never used, because it may
be a good name for something, but can't be used because it is reserved
for a use case that has no users.

If the key is *widely* used, the scenario you assume is *not* likely
in practice - either the original registrant will renew the registration
before it expires, or somebody else will reregister it after it expires.

There is also the case of a key that is used in a few packages (one
or two packages seems a likely case - namely packages produced by the
original registrant for the purpose of testing). Assuming the registrant
then loses interest, and nobody else starts using the keys (i.e. they
are not widely used), then these packages will break (in a mode that
can be painted in different colors). This may happen, but I don't
consider it a problem. If the original author finds the package broken,
he will have to release a new version without these keys, or
re-register them under a new name (since his original name is now
taken by somebody else - who hopefully can attract more users with
his definition of the key).

There is also the potential risk of key-jacking, which can be
resolved administratively (by revoking the abusive registration).

Regards,
Martin


