Name-Squatting on Pypi.org: Removed projects if no code is added after 6+ months #4004

Closed
jeff00seattle opened this issue May 16, 2018 · 3 comments
Labels
feature request needs discussion a product management/policy issue maintainers and users should discuss

Comments

@jeff00seattle

jeff00seattle commented May 16, 2018

What's the problem this feature will solve?
On Pypi.org, there are several Python projects that are completely empty, with no content except a one-line README, and that have not been touched in years, for the single purpose of name-squatting. For example, requests_extension was created in 2014 and nothing since.
Name-Squatting Example with Inactive Contributors (not okay): https://pypi.org/project/requests_extension/#description

I can understand active Pypi.org contributors such as requests2 wanting to name-squat requests3 because requests2 is now up to version 2.6+; such permitted name-squatting is allowed. However, what if someone else not associated with contributing to requests2 had squatted on requests3 and did nothing with it? Recourse or kicking out name-squatters within Pypi.org is not found.
Active Example: https://pypi.org/project/requests2/#description
Name-Squatting Example owned by Active Example (totally okay): https://pypi.org/project/requests3/#description

Describe the solution you'd like
Projects that have no code, are for the expressed interest of name-squatting, and have not been touched for over 6 months should be removed, so that the project name could be made available to more active contributors to Pypi.org. The original owner of the name-squatting project can reclaim the same project name, but only after a waiting period of 30 days.

Additional context
Similar request for issue 4003

@dwighthubbard

Organizations may register packages for their organization namespace so public users don't accidentally create packages that conflict with the packages in their internal private repos.

The packages on the public repos would then be empty, but it doesn't mean that they are unused.

It would be useful, however, to have a way to determine whether this is the case vs. someone grabbed the name and never used it.

@nlhkabu nlhkabu added feature request needs discussion a product management/policy issue maintainers and users should discuss labels Jul 29, 2018
@timkpaine

name squatter: https://pypi.org/user/suroegin/

@di
Member

di commented Apr 30, 2020

Since this issue was first created, PEP 541 has been accepted and implemented.

Aside from that process, PyPI has no plans to archive, hide or otherwise remove any existing packages.

@di di closed this as completed Apr 30, 2020
@pypi pypi locked as resolved and limited conversation to collaborators Apr 30, 2020

5 participants