New submission from ChrisRands <chrisran...@gmail.com>:
Not sure if this is the right place to mention this (apologies if not). Naturally, package names are unique so when you run `pip install package-name` there is no ambiguity. However, this means that package names are limited and potentially valuable. Already there were some malicious users typo squatting famous package names (https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/), now fixed, but I'm more referring to the more general issue. My guess is, if python continues to grow in popularity, it is only a matter of time before some unhelpful folks decide to reserve generic package names (common words etc.) and there is a market for selling PyPI package names (like the situation with domain names now). Personally, I'm not sure this would be good for the python community, but I don't know if there is (or could be) any solutions? ---------- messages: 365454 nosy: ChrisRands priority: normal severity: normal status: open title: Mechanism to control who owns package names on PyPI? _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40132> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com