On 1 Mar, 2013, at 4:08, Tres Seaver <tsea...@palladion.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/28/2013 06:21 PM, Richard Jones wrote:
>> On 1 March 2013 04:10, Tres Seaver <tsea...@palladion.com> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 02/28/2013 11:27 AM, Ronald Oussoren wrote:
>>>
>>>> But necessary to have. Or am I the only one that accidentally released
>>>> a version that had serious bugs?
>>>
>>> Nope. The way to address such a version is to release a new, fixed
>>> version (preferably one with a suitably-PEP-compliant version which
>>> indicates the version being corrected). The only legitimate reason
>>> to yank a release is that you are under legal compulsion to do so
>>> (a takedown notice or equivalent), or you discover that the version
>>> released has been trojaned in some way.
>>
>> You may have listed the only reason *you will allow* but the owner of
>> the package can do whatever they want. You're correct that once the
>> package is "out in the wild" you can't get all those copies back, but
>> they can (for whatever reason they have and no, I'm not going to
>> needlessly speculate) remove it from PyPI. You have no legal or moral
>> right to compel them to do otherwise.
>
> I wasn't claiming any right: I was arguing that anybody who shares
> software with the community does the community a disservice by removing a
> release because it "has serious bugs." Brown-bag releases happen: an
> open source community repairs the damage from them by making new
> releases, not by covering them up.

I luckily haven't run into this with software I release on PyPI yet, but sometimes pulling back an update while working on a fix is the responsible thing to do.

<snark>
You must be living in some other community than I do, I usually get to fix my own bugs.
</snark>

Ronald

>
>
> Tres.
> - --
> ===================================================================
> Tres Seaver +1 540-429-0999 tsea...@palladion.com
> Palladion Software "Excellence by Design" http://palladion.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEARECAAYFAlEwG7IACgkQ+gerLs4ltQ6RCACggZ38+vBTCXGlnwtm/mrmvkCp
> 370An1S6hQJkmJBVFQ5dkO+XeElkUPuj
> =zjAd
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG@python.org
> http://mail.python.org/mailman/listinfo/catalog-sig