[18:00:36] <caturday> are there guidelines for what packages are eligible for inclusion in pypi?
[18:01:40] <caturday> i ask because due to poor naming on our side (which we're fixing), a pypi package with the same name as one of ours took precedence
[18:02:17] <caturday> i was curious what was actually in it, when i discovered that it's a single __init__.py that takes arguments and posts them to a hard-coded url
[18:02:49] <caturday> only a single version was ever published, in september 2018
[18:03:17] <caturday> the "project webpage" links to a related github account that doesn't actually seem to contain the code for this library
[18:03:42] <caturday> it has the look of a personal convenience library that maybe was mistakenly added to pypi
[18:04:13] <caturday> i'm not concerned about this from a naming perspective - we're changing our package names to adhere to the relevant PEP guidance
[18:10:17] <toad_polo> caturday: There are terms and conditions, but I think there's no complexity threshold or anything. It's not a curated set of packages.
[18:10:18] <toad_polo> Unmaintained packages can have their names reclaimed: https://www.python.org/dev/peps/pep-0541/
[18:10:36] <toad_polo> If you think it's malicious, that's a different story.
[18:17:34] <dstufft> We remove malicious packages, where "malicious" can be a little fuzzy
[18:33:32] <pombreda_> (like something that's well documented to entice me to use it but poorly coded and buggy and a waste of time: I call this malicious ;) )
[21:01:43] <caturday> toad_polo: interesting. that's much more hands-off than i was expecting