M.-A. Lemburg <mal <at> egenix.com> writes:

>
> -1.
>
> It does happen that files need to be reuploaded because of a bug
> in the release process and how people manage their code is really
> *their* business, not that of PyPI.

It's not just the business of the package authors, because as soon as it's uploaded it's visible to users, and swapping it out from under their feet is a crummy thing to do.

>
> FWIW, I am getting increasingly annoyed how PyPI and pip try to dictate
> the way package authors are supposed to build, manage and host their
> Python packages and release process. Can we please stop this?
>

I want to specifically reply to this:

Over the past 6-12 months, the quality of my experience using PyPI and PIP has increased so dramatically, it leaves me wondering how I ever used Python before. I used to, on a regular basis, experience pip randomly hang trying to spider external stuff, have my downloads silently exposed to MITM attacks via HTTP, and randomly start getting alphas of packages people uploaded without realizing that the machinery didn't know about pre-release vs. release packages.

The changes to pip and PyPI have resolved these issues, and dozens of others. Yes, we've constrained PyPI, but across the board we've almost exclusively constrained things that are nearly universally agreed to be a bad idea.

To quote Glyph, "Constraints make the medium". PyPI is a medium, a canvas for us to paint a user experience on. Having it be a simple "index" as it was originally conceived gives package authors a nearly unlimited ability to create bad, misleading, and insecure experiences for users. By constraining what the medium of PyPI is, we make it SO much easier for users and package authors to be a part of a good eco-system.

So I say: Carry on Donald and others, keep pushing for the only user experience to be a great one.

+1 on this proposal,
Alex
