[Catalog-sig] Proposal: close the PyPI file-replacement loophole
Richard Jones
r1chardj0n3s at gmail.com
Mon Jan 30 01:46:31 CET 2012
On 30 January 2012 10:59, Robert Collins <robertc at robertcollins.net> wrote:
> On Mon, Jan 30, 2012 at 12:47 PM, Richard Jones <r1chardj0n3s at gmail.com> wrote:
>> I'm considering closing this loophole by retaining a record of the
>> uploaded file (though not the contents) so that future uploads with
>> the same name wouldn't be allowed. I understand that this is how the
>> ruby gem archive handles deletion of files.
>
> Please allow for never-downloaded files to be replaced; or perhaps
> some low threshold (like 2 or 3) downloads. Its handy when a bad
> upload is made to just-fix-it.
This is tricky: download counts are only tallied once every 24 hours
using the local web server logs and grabbing the download count files
from the mirrors.
Richard
More information about the Catalog-SIG
mailing list