[Distutils] RFC: PEP 541 - Package Index Name Retention

Nick Timkovich prometheus235 at gmail.com
Mon Jan 16 16:19:53 EST 2017


If you have a non-release release with some description text and a
home-page that points to where active development is going on (that could
constitute "functionality" in a non-code way), I think that should preempt
a reasonable person (which is hopefully a superset of maintainers) from
deleting it.

On Mon, Jan 16, 2017 at 3:02 PM, Dariusz Suchojad <dsuch at zato.io> wrote:

> On 13/01/17 19:08, Lukasz Langa wrote:
>
> > Invalid projects
> > ----------------
> >
> > A project published on the Package Index meeting ANY of the following
> > is considered invalid and will be removed from the Index:
>
> [...]
>
> > * project is name squatting (package has no functionality or is
> >   empty);
>
> [...]
>
> Greetings,
>
> I'd like to clarify a certain aspect that I reckon is not covered by the
> PEP yet.
>
> There are several packages on PyPI in the 'zato' namespace, such as:
>
> https://pypi.python.org/pypi/zato
> https://pypi.python.org/pypi/zato-enclog
> https://pypi.python.org/pypi/zato-apitest
>
> Naturally, this is a namespace by convention only and on top of that,
> one will note that the first link is a 404. The PyPI package 'zato' does
> exist but it does not have any release. This is on purpose.
>
> The reason is that although Zato is written mostly in Python, we are not
> planning to make it available on PyPI, instead opting to provide binary
> system packages, including installers for Docker or AWS Elastic
> Beanstalk, simply because the installers perform a lot of tasks that are
> outside of pip's scope:
>
> https://zato.io/docs/admin/guide/install/index.html
>
> However, there was a case when a third party registered the 'zato'
> package in PyPI simply because they thought it a cool idea. This caused
> confusion among prospective Zato users who expected to find software
> that had never been uploaded to PyPI by its developers. In the end the
> third party handed the PyPI package off and everything was resolved
> amicably but I'm now worried this can happen again.
>
> In particular, I worry that an eager contributor will eventually author
> a script that will find all the packages considered invalid per PEP 541,
> they will be deleted and someone else will register 'zato' again and
> unfortunately this will cause commotion on our end again. It happened
> before thus it's not a hypothetical scenario. And perhaps this time the
> third party will be less inclined to cooperate so even more time will be
> wasted until the situation is resolved.
>
> Short of adding namespaces to PyPI/Warehouse, I'm wondering how this can
> be prevented. Can there be added a clause to the PEP that only packages
> whose existence cannot be explained away in email by their maintainers be
> considered invalid in case of packages with no functionality nor
> contents? I realize that this adds to the PyPI maintainers' workload
> which was to be lessened thanks to this PEP but I'm honestly worried
> that as it stands now, the PEP does not cover this particular use-case
> that I'm concerned about.
>
> Essentially, this is preventive squatting for the greater good, so to
> speak, by people who are actually entitled to do it and who would be
> doing it anyway if namespaces were available.
>
> kind regards,
>
> --
> Dariusz Suchojad
>
> https://zato.io
> ESB, SOA, REST, APIs and Cloud Integrations in Python
>
>
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>