[Distutils] A process for removal of PyPi entries

Donald Stufft donald at stufft.io
Fri May 31 22:49:21 CEST 2013


On May 31, 2013, at 4:45 PM, Noah Kantrowitz <noah at coderanger.net> wrote:

> 
> On May 31, 2013, at 1:34 PM, Tres Seaver wrote:
> 
>> On 05/31/2013 09:18 AM, Lennart Regebro wrote:
>>> I'd be OK with after six months automatically removing packages that
>>> have only one owner/maintainer, and that owner/maintainer has no other
>>> packages, and the package has no available downloads, and no contact
>>> information on either package or registered user.
>> 
>> Why all the extras:  if somebody wants to claim a project name, but can't
>> upload a release for six months, they should just lose.  I would actually
>> be willing to have that cut down to a day:  trying to grab the name
>> before registering / uploading a release should result in loss of the claim.
> 
> +1, I think this should just be treated as a form validation thing. It is a detail of the protocol that you upload a dist definition before the files, but I don't think we should consider it a valid PyPI entry until a file is uploaded (especially now that the default mode is to not scrape external sites). As we switch to not scraping, anything with no files should just vanish IMO, at which point it is available for registration again. If someone happens to ninja-upload between the setup.py register and setup.py upload, I think we can just throw an error message since chances of that happening are so amazingly low.
> 
> --Noah
> 

So I completely agree with the sentiment. However, we need to make sure whatever process we come up with has provisions for when it's ok to manually remove a name as well.

The reasoning is that it can easily become an arms race of sorts. If we say "well, projects without a file get auto deleted after a day", then someone wanting to squat a name will just upload a dummy file.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
