Op 02-04-13 22:12, Christian Theune schreef:> Hi,
>
> when developing bandersnatch I saw some checksum errors for the md5sums
> of downloaded package files that I didn't understand.
> I just saw another one and just want to check back whether this is true:
> I can go to PyPI, delete a package version, and upload a different file
> later.
>
> True?
I have seen that happen too, a while ago. I don't think I noticed it
often. I did notice it for one or more distribute releases, maybe one
or two years ago. I noticed because I am using collective.eggproxy,
which is basically a pypi mirror that only gets a distribution from pypi
when it is actually requested by a user:
https://pypi.python.org/pypi/collective.eggproxy
So it is a partial mirror, saving bandwidth and disk space.
What happened was that buildout or easy_install was requesting
distribute version X. The mirror had that package locally, but its
index.html file was updated with a new md5 sum from pypi. The new md5
sum did not match the md5 sum of the previously downloaded distribution.
So apparently the distribution got replaced on pypi. I don't know why.
I compared the old and new version of the package. I think they
differed slightly in size, but unpacked they were exactly the same, so I
did not mentioned it at the time.
So: yes, it can happen.
Of course, here I assume that this was not some manual action by one of
my colleagues on the eggproxy and also not some freak error in
collective.eggproxy.
--
Maurits van Rees: http://maurits.vanrees.org/
Zest Software: http://zestsoftware.nl
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
