On 29 September 2014 10:36, M.-A. Lemburg <m...@egenix.com> wrote:
> -1.
>
> It does happen that files need to be reuploaded because of a bug
> in the release process and how people manage their code is really
> *their* business, not that of PyPI.
>
> FWIW, I am getting increasingly annoyed how PyPI and pip try to dictate
> the way package authors are supposed to build, manage and host their
> Python packages and release process. Can we please stop this?

PyPI is mirrored by many people, most hopefully using bandersnatch. If you change the contents of a release, that will usually break someone somewhere.

Places I've seen it break:
 - BSD ports trees [sha1sum no longer matches]
 - Dpkg and rpm source builds [content no longer matches upstream, doesn't break hash because those projects cache the source code themselves]
 - Non-bandersnatch mirrors (such as devpi, or pypi-mirror) which assume files are immutable and don't cross-check once a file is successfully downloaded.

PEP-440 provides the postN version suffix *specifically* to allow folk to fix a release without running into these issues. Is that something you can use?

I don't see the work being done on PyPI as dictating how code is managed: you can delete things, you can upload new things. What it's doing with this specific change is enforcing immutability of *public artifacts* which most of the software ecosystem already depends on.

+1 from me.

-Rob

--
Robert Collins <rbtcoll...@hp.com>
Distinguished Technologist
HP Converged Cloud
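
The breakage described in this message, as an added example that is not part of the original post and is not PyPI, bandersnatch or devpi code: an in-memory stand-in for an index, a mirror that never re-checks cached files, and a ports-style pinned digest, run once with the fix re-uploaded in place and once published as a PEP 440 post-release. The package name, file contents and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib

ORIGINAL = b"demo 1.0 sdist, as first uploaded"      # constructed sample bytes
FIXED = b"demo 1.0 sdist, rebuilt after a bug fix"   # constructed sample bytes

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

class CachingMirror:
    """Mirror that assumes upstream files are immutable: fetch once, never re-check."""
    def __init__(self, upstream):
        self.upstream, self.cache = upstream, {}

    def get(self, name):
        if name not in self.cache:
            self.cache[name] = self.upstream[name]
        return self.cache[name]

    def diverged(self):
        """Cached filenames whose bytes no longer match what upstream serves."""
        return sorted(n for n, b in self.cache.items()
                      if digest(b) != digest(self.upstream.get(n, b"")))

def run(fix_filename):
    """Publish 1.0, let consumers pin and cache it, then ship FIXED as fix_filename."""
    upstream = {"demo-1.0.tar.gz": ORIGINAL}   # hypothetical index contents
    mirror = CachingMirror(upstream)
    pins = {"demo-1.0.tar.gz": digest(mirror.get("demo-1.0.tar.gz"))}  # ports-style pin
    upstream[fix_filename] = FIXED
    return {
        # Does a fresh download of 1.0 from upstream still match the recorded pin?
        "pin_matches_upstream":
            pins["demo-1.0.tar.gz"] == digest(upstream["demo-1.0.tar.gz"]),
        # Cached names for which the mirror now serves different bytes than upstream.
        "mirror_diverged": mirror.diverged(),
        # Can a user of the mirror obtain the fixed bytes at all?
        "fix_via_mirror": mirror.get(fix_filename) == FIXED,
    }

if __name__ == "__main__":
    print("re-upload in place:", run("demo-1.0.tar.gz"))
    print("post-release      :", run("demo-1.0.post1.tar.gz"))
```
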