On Jun 17, 2010, at 18:53, Andreas Jung <li...@zopyx.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ronald Oussoren wrote: >> >> On 17 Jun, 2010, at 13:20, Patrick Gerken wrote: >>> >>> >>> Please have a look at the package in question. The only problem >>> with it is that the download URL registered on PyPI no longer works. >>> It redirects to the download page where you can find the source >>> distribution. >>> >>> >>> And thats exactly what Andreas' argument is targeting. >>> >> >> Note that even a requirement to upload a package to PyPI won't reliably >> solve Andreas' problem, the package owner could remove a release or even >> the entire package. > > Released is released. There are only very few cases where one should be > allowed to remove packages (e.g. containing viruses, malware etc.). > Otherwise released stuff must not be touched. I agree that it would in mist cases be better to keep releases around, but a developer might not have the option to do so for legal reasons. And as someone else noted uploading to pypi might not be possible either for legal reasons, such as for cryptographic software. Ronald > > - -aj > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkwaUxUACgkQCJIWIbr9KYxmnACaAwDSSRLdU4wViW+Bql6sKMmt > XXkAoLSsgw7A5BIizfZcEqM9WxqnT2+C > =j+F8 > -----END PGP SIGNATURE----- > <lists.vcf> _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
