(Fixed quoting indent + some own comments)

On Mon, Sep 29, 2014 at 11:04 +0000, Donald Stufft wrote:
> On Sep 29, 2014, at 6:01 AM, Nick Coghlan <ncogh...@gmail.com> wrote:
> 
> On 29 Sep 2014 19:50, "Nick Coghlan" <ncogh...@gmail.com> wrote:
> >
> >
> > On 29 Sep 2014 19:04, "M.-A. Lemburg" <m...@egenix.com> wrote:
> > >
> > > Do you seriously want to force package authors to cut a new release
> > > just because a single uploaded distribution file is broken for
> > > some reason and then ask all users who have already installed one
> > > of the non-broken ones to upgrade again, even though they are not
> > > affected ?
> >
> > Yes, I do. Silently changing released artefacts is actively user hostile. 
> > It breaks mirroring, it breaks redistribution, it breaks security audits, 
> > and it can even break installation for security conscious users that are 
> > using peep rather than pip.
> 
>> One caveat on this: it would potentially be convenient to have a
>> "release" field in the wheel naming scheme, and adopt a similar
>> approach for other binary formats like Windows installers,
>> specifically to allow those to be updated without needing to do a
>> full source version update.
> 
>> It's the silent substitution of file contents I have a fundamental
>> problem with, not the notion of being able to publish an updated
>> platform specific build artefact without having to bump the source
>> release version.
> 
> Wheel files already include the idea of a build number baked into the
> filename. That would be a different filename and thus would be allowed
> to be uploaded even if you deleted the original Wheel. Is there
> something about that which wouldn’t work or did it just slip your mind?

FWIW I'd prefer to go with the "each filename maps to one binary content
or was deleted" guarantee irrespective of whether it's a wheel, tar,
egg or zip file.  Besides, the cited mirroring/distribution simplifications
wouldn't otherwise materialize, I guess.

holger

 ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 

> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
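
The guarantee discussed in this thread ("each filename maps to one binary content or was deleted") together with the wheel build number, as an added example that is not part of the original messages and not PyPI's own code. `FileLedger` and `wheel_build_tag` are hypothetical names; the filename layout is the PEP 427 one, and rejecting any reuse of a deleted filename is an assumption taken from the discussion above.

```python
import hashlib
import re

# PEP 427 wheel name: {dist}-{version}(-{build})?-{python}-{abi}-{platform}.whl
# The optional build tag must start with a digit.
WHEEL_RE = re.compile(
    r"^(?P<dist>[^-]+)-(?P<version>[^-]+)(?:-(?P<build>\d[^-]*))?"
    r"-(?P<python>[^-]+)-(?P<abi>[^-]+)-(?P<platform>[^-]+)\.whl$"
)


def wheel_build_tag(filename):
    """Return the build tag of a wheel filename, or None if it has none."""
    m = WHEEL_RE.match(filename)
    if m is None:
        raise ValueError("not a wheel filename: %r" % filename)
    return m.group("build")


class FileLedger:
    """Hypothetical index-side ledger: a filename is bound to one digest forever."""

    def __init__(self):
        self._digest = {}      # filename -> sha256 of the first upload
        self._deleted = set()  # filenames whose file was removed

    def upload(self, filename, content):
        digest = hashlib.sha256(content).hexdigest()
        known = self._digest.get(filename)
        if known is None:
            self._digest[filename] = digest
            return "accepted"
        if filename in self._deleted:
            return "rejected: filename was deleted and cannot be reused"
        if known == digest:
            return "unchanged"
        return "rejected: content differs from the published file"

    def delete(self, filename):
        # The digest is kept so the name can never be rebound to new content.
        if filename in self._digest:
            self._deleted.add(filename)

    def verify(self, filename, content):
        """Mirror or auditor check: does this copy match the first upload?"""
        digest = hashlib.sha256(content).hexdigest()
        return filename not in self._deleted and self._digest.get(filename) == digest
```

A fixed build published as `pkg-1.0-1-cp34-cp34m-win32.whl` is a new filename and is accepted, while a second upload under the original name is refused whether or not the original was deleted.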
