Message365454
Not sure if this is the right place to mention this (apologies if not). Naturally, package names are unique, so when you run `pip install package-name` there is no ambiguity. However, this means that package names are limited and potentially valuable. Already there were some malicious users typosquatting famous package names (https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/), now fixed, but I'm more referring to the more general issue.
My guess is, if Python continues to grow in popularity, it is only a matter of time before some unhelpful folks decide to reserve generic package names (common words etc.) and there is a market for selling PyPI package names (like the situation with domain names now). Personally, I'm not sure this would be good for the Python community, but I don't know if there are (or could be) any solutions?

| Date | User | Action | Args |
|---|---|---|---|
| 2020-04-01 08:56:05 | ChrisRands | set | recipients: + ChrisRands |
| 2020-04-01 08:56:05 | ChrisRands | set | messageid: <1585731365.14.0.524521872477.issue40132@roundup.psfhosted.org> |
| 2020-04-01 08:56:05 | ChrisRands | link | issue40132 messages |
| 2020-04-01 08:56:04 | ChrisRands | create | |