[Distutils] Immutable Files on PyPI

Barry Warsaw barry at python.org
Mon Sep 29 16:36:09 CEST 2014


On Sep 28, 2014, at 07:31 PM, Donald Stufft wrote:

>I'd like to discuss the idea of moving PyPI to having immutable files. This
>would mean that once you publish a particular file you can never reupload
>that file again with different contents. This would still allow deleting the
>file or reuploading it if the checksums match what was there prior.

Although I have abused this in the past, as others have pointed out, because
once uploaded I realize there is a bug in the package.  There's a certain
class of such bugs that prompt a quick re-upload rather than a version rev,
such as some display problem on PyPI (because of package metadata), or some
follow-on packaging bug, such as a missing MANIFEST.in causing a Debian package
build to fail.  Yes, the latter is more easily checked before upload, but
sometimes you feel optimistic. ;)

This won't make your lives easier, but I'd like to propose some support for
"embargoed" uploads.  These would be normal uploads except that they wouldn't
be publicly available until a 'publish' button were pushed.  Such embargoed
uploads wouldn't be subject to the checksum limitation, and we'd have to
figure out exactly how such packages would be available (certainly to a
logged-in owner of the project via the web, but perhaps through an authenticated
scriptable interface).

Even if you decide against supporting something like this, I'd still be okay
with the checksum restriction.  You never run out of version numbers.

-Barry
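
The upload rule quoted above, together with the proposed embargo state, as a minimal model. This is an added example, not code from PyPI or from either poster. The class and method names are hypothetical, and it assumes a deleted file keeps its recorded SHA-256 and that an embargoed upload becomes immutable when published.

```python
import hashlib


class ImmutableFileError(Exception):
    """Raised when an upload would change a published file's contents."""


class ImmutableFileIndex:
    """Constructed model of the rule in this thread; not PyPI's code."""

    def __init__(self):
        # filename -> {"sha256": hex digest, "state": embargoed|published|deleted}
        self._files = {}

    def upload(self, filename, content, embargoed=False):
        digest = hashlib.sha256(content).hexdigest()
        entry = self._files.get(filename)
        if entry is None:
            state = "embargoed" if embargoed else "published"
            self._files[filename] = {"sha256": digest, "state": state}
            return "accepted"
        if entry["state"] == "embargoed":
            # Not yet public, so the checksum limitation does not apply.
            entry["sha256"] = digest
            return "replaced"
        if entry["sha256"] != digest:
            raise ImmutableFileError(f"{filename}: contents differ from recorded checksum")
        # Same bytes as before: a no-op, or the return of a deleted file.
        entry["state"] = "published"
        return "unchanged"

    def publish(self, filename):
        entry = self._files[filename]
        if entry["state"] != "embargoed":
            raise ImmutableFileError(f"{filename}: not an embargoed upload")
        entry["state"] = "published"  # from here on the checksum is frozen

    def delete(self, filename):
        if self._files[filename]["state"] == "embargoed":
            del self._files[filename]  # never public, nothing to pin
        else:
            # Assumption: the digest stays on record after deletion, so the
            # name cannot come back with different bytes.
            self._files[filename]["state"] = "deleted"

    def is_public(self, filename):
        entry = self._files.get(filename)
        return entry is not None and entry["state"] == "published"
```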