Hi,
when developing bandersnatch I saw some checksum errors for the md5sums
of downloaded package files that I didn't understand.
I just saw another one and just want to check back whether this is
true: I can go to PyPI, delete a package version, and upload a
different file later.
True?
This would explain that I can see a file that I downloaded successfully
changing it's hash over time.
Feels like a bad idea to me, but I guess this is part of the "PyPI
doesn't have an oppinion" deal …
Christian
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
