Allow User/Maintainer control of Email and Package Version #2155

Closed
jambonrose opened this issue Jun 28, 2017 · 6 comments
@jambonrose

Hi,

I've just given Warehouse a whirl. This is a huge improvement. Thanks for all the hard work!

I have some feedback on my first experience.

When uploading a package, I was asked to change my email format ('user at domain dot com' did not parse correctly; HTTPError: 400 Client Error: author_email: Invalid email address.). When I changed the format, the site used my email to create a mailto link. That feels like an invasion of my privacy, and it would be great if maintainers who are uncomfortable with it like myself could turn that off.

For the moment, I've removed the author_email field entirely. However, when I run python setup.py check --strict --metadata --restructuredtext I am told warning: check: missing meta-data: if 'author' supplied, 'author_email' must be supplied too. Removing both author and author_email also causes the check to raise an error.

The combined user experience here is not great. I'm not sure what the right way to go about having a discussion on this front is (is this a setuptools issue, or a PEP issue?). If the mailto link isn't created, then does it matter? On the other hand, if the data is not being used, why specify it?

Given the mailto link, I decided to remove the version of the package I had just uploaded, but warehouse doesn't seem to have the ability to do so! Worse, deleting the version of the package on https://pypi.python.org/pypi doesn't seem to affect pypi.org. Before removing legacy PyPI, I'd suggest allowing maintainers to delete versions of a package.

Thanks again!

@dstufft
Member

dstufft commented Jun 29, 2017

I'm too tired to properly consider the rest of your email, so I'll respond in depth later.

However I just wanted to mention now, that deleting versions from legacy PyPI does affect Warehouse, it just doesn't purge the cache so it may take up to uh, 24h or so for it to show up on Warehouse. In the interim time there's a bit of a hack you can use to manually purge a single URL from the cache by doing curl -XPURGE https://pypi.org/project/foobar/ which will just invalidate the cache on our CDN servers, and cause it to get fetched from the origin servers again.

Longer term, the need for an undiscoverable CLI invocation or waiting ~24h goes away because when we add this functionality to Warehouse, it will correctly purge its own cache.

@dstufft
Member

dstufft commented Jul 1, 2017

Ok, now that I've had some time to think about this. First I'd want to ask if it would be fine for you to just remove the field? I know that python setup.py check raises an error, but the reality of the situation is that those fields are not actually mandatory in any situation except that if you omit them distutils will fill them in with UNKNOWN. I believe setuptools could patch this to remove the somewhat silly warning and if you're fine with just omitting the email address I think that could/should be considered a resolution to this issue?

If not, I would need to more fully understand why you consider a properly formatted email address as invasion of privacy but don't consider a slightly munged one to be one.

@jambonrose
Author

Thanks for getting back to me so quickly!

tl;dr:
I have absolutely no problem leaving the author_email field blank.

When you force me to think about the munged email, I realize that I had originally munged emails to avoid robots and spam. However, this is probably not an effective protection anymore (if it ever was). What's more, given that I want people to file bugs or contact me via GitHub for these packages, there is no benefit to providing a badly obfuscated email.

I'm therefore closing this issue as I believe it's resolved. Please note that I will be opening an issue on pypa/setuptools to see about changing the check.

@jambonrose
Author

jambonrose commented Jul 12, 2017

And by setuptools I mean distutils, because that's where that check actually lives. >.>

EDIT July 28, 2017: Opened http://bugs.python.org/issue31073

@merwok
Contributor

merwok commented Jul 28, 2017

Can you check if it’s the metadata spec (PEP) that requires author + email, or only distutils? If it’s the spec, then the distutils check is right and this warehouse ticket should be reopened.

@jambonrose
Author

jambonrose commented Jul 28, 2017

I don't believe that either PEP 426 (Draft) or PEP 345 (Accepted; current) mentions a dependency between author and author_email. PEP 345 in particular makes them sound separate (relevant section).
