[Python-ideas] [PEP-0541] On issues with reclaiming namespaces in PyPi

[Chris Rose]

I want to address one gap in the PEP regarding reclaiming abandoned names:
Version reuse. The problem with reusing names is that existing applications
or installations that reference the old one, unless they pin the version
name precisely. Even in that case, I foresee issues with version collision,
especially if the abandoned project was well-versioned in the same model
(semver or otherwise) that the new project uses.

I'm deeply concerned by the idea of installer code suddenly picking up a
new project... with possibly different dependencies on its own, either with
old or clashing versions. I recognize it's going to be rare, but these
incidents will definitely impact the repeatability of builds depending on
PyPi.

I think the criteria for reuse of a name must include usage limits; if the
package is being downloaded on a steady basis by accounts that can't be
shown to belong to known integration systems, reuse should not be allowed.

-- 
Chris R.
======
Not to be taken literally, internally, or seriously.
Twitter: http://twitter.com/offby1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20170115/4cfb20c6/attachment-0001.html>