-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim Fulton wrote:
- We now know not to remove releases.
Not everybody does: I've seen folks *recently* re-upload a changed release without bumping the version number; and "we" is a much narrower set than the set of all PyPI maintainers.
- If you are using something in production, you should archive the necessary source releases, using a tool like zc.sourcerelease.
IOW, you shouldn't do production deployments using a dynamic assembly mechanism.
Which is exaclt what I said:
You should be *very* afraid of depending on PyPI for softare rolled into production.
Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKCwBE+gerLs4ltQ4RAmdnAKDKM8hJietF8FVHZZJ8sn2iP7HFRwCfUt8s loL+AU9xuY5x1vl/D43akGg= =uHh7 -----END PGP SIGNATURE-----