#238 Missing files from PyPI

sandbox
closed-fixed
nobody
None
5
2013-07-24
2013-07-23
Donald Stufft
No

Currently docutils seems to be missing some versions from being hosted on PyPi, this presents security and performance challenges. If you could upload the releases to PyPi and then follow the instructions at pypi-externals.caremad.io/help/what/ it'd be great!

There are a few releases hosted on PyPI which are 0.6, 0.7, 0.8, 0.8.1, 0.9, 0.9.1, 0.10 however 0.3, 0.3.5, 0.3.7, 0.3.9, 0.4, 0.5, 0.6, 0.7, and 0.11 are not.

Discussion

  • sorry missed to upload 0.11 to pypi

    what security/performance risk is in not having an ancient package on pypi ?

     
  • Donald Stufft
    Donald Stufft
    2013-07-23

    If nobody is installing them? Nothing. But if anyone has those older versions pinned and are still installing them then the same as for a newer package. However you still have external urls and such turned on in your PyPI page so the packaging tools will crawl the source forge etc pages looking for those versions. So you should still follow the instructions at pypi-externals.caremad.io/help/what/ to solve the general security/performance problems of external urls. There's also a more detailed description on that page.

    I mostly care about the newer ones though and just included the older ones for completeness sake.

     
  • i turned "Hosting Mode" to "Do not extract URL ..."
    and upload all version and remove all download urls.
    although i assume this problem originates in a change in pypi.

     
  • Donald Stufft
    Donald Stufft
    2013-07-24

    PyPI's always had this problem :) Just recently there's been a push to get rid of it.

    Thanks a lot! You're awesome!

     
  • did not remove download urls, unnecessary as i understand the description.

     
    • status: open --> closed-fixed