Hi there,

On Mon, Jul 4, 2011 at 9:55 PM, "Martin v. Löwis" <[email protected]> wrote:
>> What do people think?
>
> I agree with PJE, Jacob, and Georg: package owners need
> to have absolute freedom to delete content at any time,
> or even replace it with new content.

Okay, if there's a consensus among PyPI maintainers that doing such things should be absolutely free to developers, what about a central backup server that does keep such old copies around that just clones PyPI? Evidently I'll have to find people who are interested in that.

> I disagree about possible reactions, though: your first action
> should be to ask the package author to bring the old version
> back. Maybe they didn't know you were still using it.

That was of course my first reaction, and that of several others in the same situation, a few weeks ago when this came up. One release was restored, but the release several of us were actually using wasn't. It was an easy upgrade, but I'd have preferred to deal with this situation at a time of my own choosing. So I figured I'd just prefer to use a system where such a situation was impossible, and it was clearly a problem others were having too, so can be solved centrally.

So anyway, I'm dropping my proposal, as it's going nowhere. I'll submit another proposal in a few minutes.

But I am genuinely curious about the use cases behind allowing package authors to have absolute freedom, by the way - there's something I am not understanding. Is this because it is thought that otherwise developers won't use PyPI at all? It's clear PJE is one such developer, but I'm trying to understand *why*. It can't be that it's considered good practice to change the contents of an older release, or to remove one, right? It seems positively dangerous to allow people to arbitrarily replace old packages with new content - installation instructions will be totally broken, and there are some security risks as well. And this freedom doesn't seem to offer much more control to developers, as once the packages are on PyPI, people can make copies elsewhere.

So what is the motivation behind allowing this freedom? Purely the thought that developers otherwise won't want to use PyPI?
But why do we want people to use PyPI in the first place if not to allow a convenient reuse of this code? I'm missing something here...

Regards,

Martijn

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
