[Python-Dev] Edits to Metadata 1.2 to add extras (optional dependencies)

R. David Murray rdmurray at bitdance.com
Tue Aug 28 19:09:15 CEST 2012 

On Tue, 28 Aug 2012 18:47:16 +0200, =?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?= <martin at v.loewis.de> wrote:
> Am 28.08.12 18:27, schrieb R. David Murray:
>  > The problem Donald is asking about is:  the old registration expires,
>  > and a *new* registration is entered with a different meaning, but
>  > packages still exist on PyPI that have the key with the old meaning.
>  > That seems likely to happen in practice.  Or if it doesn't, then
>  > allowing for the recycling of names probably isn't important.
> 
> Let me retry answering the question: Expiration *is* important in
> the case the key was just registered and never used, because it may
> be a good name for something, but can't be used because it is reserved
> for a use case that has no users.
> 
> If the key is *widely* used, the scenario you assume is *not* likely
> in practice - either the original registrant will renew the registration
> before it expires, or somebody else will reregister it after it expires.
> 
> There is also the case of a key that is used in a few packages (one
> or two packages seems a likely case - namely packages produced by the
> original registrant for the purpose of testing). Assuming the registrant
> then loses interest, and nobody else starts using the keys (i.e. they
> are not widely used), then these packages will break (in a mode that
> can be painted in different colors). This may happen, but I don't
> consider it a problem. If the original author finds the package broken,
> he will have to release a new version without the these keys, or
> re-register them under a new name (since his original name is now
> taken by somebody else - who hopefully can attract more users with
> his definition of the key).
> 
> There is also the potential risk of key-jacking, which can be
> resolved administratively (by revoking the abusive registration).

OK, I understand your logic now.  Yes that does make sense to me.  There
are tradeoffs to be made, and this seems like a reasonable tradeoff
given the goals articulated so far.

--
R. David Murray

If you like the work I do for Python, you can enable me to spend more
time doing it by supporting me here:  http://gittip.com/bitdancer

More information about the Python-Dev mailing list