[Catalog-sig] Proposal: close the PyPI file-replacement loophole
"Martin v. Löwis"
martin at v.loewis.de
Mon Jan 30 01:38:00 CET 2012
> When we initially implemented file upload to PyPI it was our intention
> that the file be immutable once uploaded. The goal was to make things
> significantly simpler for end users - there would only ever be one
> file with a given name. If the content changed then so must the name
> (typically by creating a new release version.)
I don't actually recall that being a goal :-)
> Your thoughts?
-1. There are plenty of ways to check whether the file was modified if
you already have a copy of it. Users just need to accept that files may
change, and package authors need to accept that users may retain old
copies of a file even after they replaced it.
I just got a user comment a week ago from a user explicitly expressing thanks for
the ability to replace files after already publishing them.
Regards,
Martin
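
The check mentioned in the message above (detecting that a file was modified when you already have a copy of it), as an added example that is not part of the original message. It compares SHA-256 digests of retained copies against freshly fetched files with the same name; the function names, directory layout and sample file names are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_digests(kept_dir: Path) -> dict[str, str]:
    """Map each retained file name to the SHA-256 of its content."""
    return {p.name: sha256_of(p) for p in sorted(kept_dir.iterdir()) if p.is_file()}


def classify_downloads(known: dict[str, str], fetched_dir: Path) -> dict[str, str]:
    """Label each fetched file 'unchanged', 'replaced' (same name, new content) or 'new'."""
    result = {}
    for p in sorted(fetched_dir.iterdir()):
        if not p.is_file():
            continue
        if p.name not in known:
            result[p.name] = "new"
        elif sha256_of(p) == known[p.name]:
            result[p.name] = "unchanged"
        else:
            result[p.name] = "replaced"
    return result


def demo() -> dict[str, str]:
    """Constructed sample: one file kept as-is, one replaced under the same name, one new."""
    with tempfile.TemporaryDirectory() as tmp:
        kept, fetched = Path(tmp, "kept"), Path(tmp, "fetched")
        kept.mkdir()
        fetched.mkdir()
        (kept / "example_pkg-1.0.tar.gz").write_bytes(b"original contents")
        (kept / "example_pkg-1.1.tar.gz").write_bytes(b"stable contents")
        (fetched / "example_pkg-1.0.tar.gz").write_bytes(b"re-uploaded contents")
        (fetched / "example_pkg-1.1.tar.gz").write_bytes(b"stable contents")
        (fetched / "example_pkg-1.2.tar.gz").write_bytes(b"later release")
        return classify_downloads(record_digests(kept), fetched)


if __name__ == "__main__":
    print(demo())
```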