top | item 32027761

(no title)

AngusH | 3 years ago

The whole package has now been deprecated by the maintainer:

'PyPI wants me to enable 2FA just because I maintain this package, and both that and the mess resulting from a stunt of mine, I thought it'd be a good time to deprecate this package. Python 3 has os.replace and os.rename which probably do well enough of a job for most usecases.'

https://github.com/untitaker/python-atomicwrites

Edit:

From the bug report

'I decided to deprecate this package. While I do regret to have deleted the package and did end up enabling 2FA, I think PyPI's sudden change in rules and bizarre behavior wrt package deletion doesn't make it worth my time to maintain Python software of this popularity for free. I'd rather just write code for fun and only worry about supply chain security when I'm actually paid to do so.'

I can see the maintainers point, even if it may be inconvenient.

discuss

staticassertion|3 years ago

That sounds like a best of both worlds. PyPI sets a minimum bar for developer responsibility and you can opt out of publishing to PyPI if you don't want to be that responsible.

The system works.

whizzter|3 years ago

I wonder how people who maintain CI pipelines feels about it on monday if they're recalled from vacations because the pipelines broke.