[Distutils] Immutable Files on PyPI
Ian Cordasco
graffatcolmingov at gmail.com
Mon Sep 29 16:40:37 CEST 2014
On Mon, Sep 29, 2014 at 9:36 AM, Barry Warsaw <barry at python.org> wrote:
> On Sep 28, 2014, at 07:31 PM, Donald Stufft wrote:
>
>>I'd like to discuss the idea of moving PyPI to having immutable files. This
>>would mean that once you publish a particular file you can never reupload
>>that file again with different contents. This would still allow deleting the
>>file or reuploading it if the checksums match what was there prior.
>
> Although I have abused this in the past, as others have pointed out, because
> once uploaded I realize there is a bug in the package. There's a certain
> class of such bugs that prompt a quick re-upload rather than a version rev,
> such as some display problem on PyPI (because of package metadata), or some
> follow on packaging bug, such as a missing MANIFEST.in causing Debian package
> build to fail. Yes, the latter is more easily checked before upload, but
> sometimes you feel optimistic. ;)
>
> This won't make your lives easier, but I'd like to propose some support for
> "embargoed" uploads. These would be normal uploads except that they wouldn't
> be publicly available until a 'publish' button were pushed. Such embargoed
> uploads wouldn't be subject to the checksum limitation, and we'd have to
> figure out exactly how such packages would be available (certainly to a logged
> in owner of the project via the web, but perhaps through an authenticated
> scriptable interface).
>
> Even if you decide against supporting something like this, I'd still be okay
> with the checksum restriction. You never run out of version numbers.
>
> -Barry
That's essentially what I see as the chief use-case for
testpypi.python.org. I don't think pypi.python.org needs to support
this as well. Simple is better than complex after all :)
Cheers,
Ian
More information about the Distutils-SIG
mailing list