Warehouse: Can't override past deleted version

Created on 19 Sep 2018 · 3 Comments · Source: pypa/warehouse

Describe the bug

I uploaded a package in version 0.1.1. Then realised I had screwed it. Removed the release from PyPI (as well as the tag from GH). Made my change and attempted my new release with the same version.

PyPI complains as follows:

HTTPError: 400 Client Error: This filename has already been used, use a different version. See https://pypi.org/help/#file-name-reuse for url: https://upload.pypi.org/legacy/

Expected behavior

I should be able to upload with a past used-version provided it was deleted first.

All 3 comments

Hi @Lawouach! PyPI does not allow reuse of filenames. The reasoning is two-fold.

  • It makes it easier for us to manage the multitude of files that PyPI serves without having to worry about collisions or stale content/versions.
  • It prevents malicious actors from replacing a known good package URL with a nasty payload in the event that they compromise a user's credentials.

Hey,

That makes sense indeed. Would it be possible to imagine a note, either in some documentation or, better, when a user wants to delete a release. I would imagine I'm not the only one making that assumption that deleting means it's a free slot once again.

Thanks,

@Lawouach I think that's a reasonable request. I made #4737 to capture that issue.
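
The filename-reuse policy explained in the first comment, as an added example that is not part of the thread or of Warehouse's code: a toy index that either frees a filename on delete or keeps it in a permanent ledger, showing why only the second keeps a known file name bound to its original content. The `ToyIndex` class, the file name and the file contents are all constructed for illustration.

```python
import hashlib


class FilenameReused(Exception):
    """Raised where PyPI would answer 400 'This filename has already been used'."""


class ToyIndex:
    """Constructed model of a package index; not Warehouse's implementation."""

    def __init__(self, allow_reuse_after_delete):
        self.allow_reuse = allow_reuse_after_delete
        self.files = {}         # filename -> sha256 of the content currently served
        self.ever_used = set()  # filenames seen at any time, kept across deletes

    def upload(self, filename, content):
        blocked = filename in self.files or (
            filename in self.ever_used and not self.allow_reuse)
        if blocked:
            raise FilenameReused(filename)
        self.ever_used.add(filename)
        self.files[filename] = hashlib.sha256(content).hexdigest()

    def delete(self, filename):
        self.files.pop(filename, None)  # the ledger entry in ever_used stays


def replace_after_delete(index, filename, original, replacement):
    """Upload, delete, re-upload under the same name; report what a consumer
    who recorded the original hash would see afterwards."""
    index.upload(filename, original)
    pinned = index.files[filename]
    index.delete(filename)
    try:
        index.upload(filename, replacement)
    except FilenameReused:
        return "rejected"
    return "unchanged" if index.files[filename] == pinned else "content swapped"


# Constructed sample data: hypothetical project name and file contents.
NAME = "example_pkg-0.1.1.tar.gz"
GOOD, OTHER = b"original release bytes", b"different bytes, same filename"

if __name__ == "__main__":
    print("reuse allowed:", replace_after_delete(ToyIndex(True), NAME, GOOD, OTHER))
    print("reuse refused:", replace_after_delete(ToyIndex(False), NAME, GOOD, OTHER))
```

With reuse refused, the way forward after a bad upload is a new version number, which produces a new filename.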
