We prevent people from uploading files to replace contents, but not
deleting and re-uploading. That would take additional tracking not built
into the system.
Richard
On 3 April 2013 07:12, Christian Theune <c...@gocept.com> wrote:
> Hi,
>
> when developing bandersnatch I saw some checksum errors for the md5sums of
> downloaded package files that I didn't understand.
> I just saw another one and just want to check back whether this is true: I
> can go to PyPI, delete a package version, and upload a different file later.
>
> True?
>
> This would explain that I can see a file that I downloaded successfully
> changing it's hash over time.
>
> Feels like a bad idea to me, but I guess this is part of the "PyPI doesn't
> have an oppinion" deal …
>
> Christian
>
>
> ______________________________**_________________
> Distutils-SIG maillist - Distutils-SIG@python.org
> http://mail.python.org/**mailman/listinfo/distutils-sig<http://mail.python.org/mailman/listinfo/distutils-sig>
>
>
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
