[Zope-dev] Re: bad "zope.size" to remove from PyPI
Tres Seaver
tseaver at palladion.com
Sat Aug 2 15:24:08 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Philipp von Weitershausen wrote:
> El 2 Aug 2008, a las 17:45 , Chris Withers escribió:
>> Benji York wrote:
>>>> In case anybody's wondering how this complies with our "no removal
>>>> of any
>>>> release whatsoever" policy [1], be assured that a 3.4dev-r73090
>>>> thing isn't
>>>> a release by our standards. This version number not only contains
>>>> the 'dev'
>>>> marker, meaning it must have come from a development branch
>>>> (possibly the
>>>> trunk), it also contains the -rXXX suffix meaning it was made
>>>> right from a
>>>> subversion checkout without having created a tags first (why else
>>>> would you
>>>> want to include the revision number).
>>> Still, it's likely that someone was using it and their buildouts
>>> are now
>>> broken. We should have instead generated a proper release with a
>>> higher
>>> version number and left the dev release alone.
>> This is silly.
>>
>> Mistakes happen. Buildout and/or setuptools should be tolerant of
>> accidental releases that are then removed from PyPI.
>>
>> What currently happens in cases like this?
>
> Nothing. It's only a problem if somebody pinned zope.size version to
> 3.4dev-r73090 in their buildout.cfg. But that's their own fault IMHO
> because it's clearly not a release.
We ought to look at yanking PyPI privileges for anybody who is pushing
such eggs out.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIlLRY+gerLs4ltQ4RAieGAKDaDX6HX+xZZMA4sVGX6YbpoCVFLQCfW5gY
4AZZlvIHyyTx2uGZvJrYp8E=
=WSJT
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list