From d58e6b241ce6fd2d65da469c32189b51a5572ff8 Mon Sep 17 00:00:00 2001 From: Dustin Ingram Date: Fri, 18 Nov 2022 15:24:35 -0500 Subject: [PATCH] Try to make filename reuse FAQ more clear (#12571) --- warehouse/locale/messages.pot | 129 +++++++++++++++------------- warehouse/templates/pages/help.html | 27 +++++- 2 files changed, 94 insertions(+), 62 deletions(-) diff --git a/warehouse/locale/messages.pot b/warehouse/locale/messages.pot index 76322ad2acb3..e1949955dd8e 100644 --- a/warehouse/locale/messages.pot +++ b/warehouse/locale/messages.pot @@ -576,25 +576,24 @@ msgstr "" #: warehouse/templates/pages/help.html:719 #: warehouse/templates/pages/help.html:727 #: warehouse/templates/pages/help.html:738 -#: warehouse/templates/pages/help.html:755 -#: warehouse/templates/pages/help.html:762 -#: warehouse/templates/pages/help.html:770 -#: warehouse/templates/pages/help.html:786 +#: warehouse/templates/pages/help.html:783 #: warehouse/templates/pages/help.html:791 -#: warehouse/templates/pages/help.html:796 -#: warehouse/templates/pages/help.html:806 -#: warehouse/templates/pages/help.html:815 -#: warehouse/templates/pages/help.html:829 -#: warehouse/templates/pages/help.html:837 -#: warehouse/templates/pages/help.html:845 -#: warehouse/templates/pages/help.html:853 -#: warehouse/templates/pages/help.html:862 -#: warehouse/templates/pages/help.html:882 -#: warehouse/templates/pages/help.html:897 -#: warehouse/templates/pages/help.html:898 -#: warehouse/templates/pages/help.html:899 -#: warehouse/templates/pages/help.html:900 -#: warehouse/templates/pages/help.html:905 +#: warehouse/templates/pages/help.html:807 +#: warehouse/templates/pages/help.html:812 +#: warehouse/templates/pages/help.html:817 +#: warehouse/templates/pages/help.html:827 +#: warehouse/templates/pages/help.html:836 +#: warehouse/templates/pages/help.html:850 +#: warehouse/templates/pages/help.html:858 +#: warehouse/templates/pages/help.html:866 +#: warehouse/templates/pages/help.html:874 +#: warehouse/templates/pages/help.html:883 +#: warehouse/templates/pages/help.html:903 +#: warehouse/templates/pages/help.html:918 +#: warehouse/templates/pages/help.html:919 +#: warehouse/templates/pages/help.html:920 +#: warehouse/templates/pages/help.html:921 +#: warehouse/templates/pages/help.html:926 #: warehouse/templates/pages/sponsors.html:33 #: warehouse/templates/pages/sponsors.html:37 #: warehouse/templates/pages/sponsors.html:41 @@ -6154,7 +6153,7 @@ msgid "Troubleshooting" msgstr "" #: warehouse/templates/pages/help.html:186 -#: warehouse/templates/pages/help.html:782 +#: warehouse/templates/pages/help.html:803 msgid "About" msgstr "" @@ -7151,22 +7150,34 @@ msgstr "" msgid "A file with the exact same content exists" msgstr "" -#: warehouse/templates/pages/help.html:753 +#: warehouse/templates/pages/help.html:754 msgid "" "PyPI does not allow for a filename to be reused, even once a project has " "been deleted and recreated." msgstr "" -#: warehouse/templates/pages/help.html:755 -#, python-format +#: warehouse/templates/pages/help.html:760 +msgid "" +"A distribution filename on PyPI consists of the combination of project " +"name, version number, and distribution type." +msgstr "" + +#: warehouse/templates/pages/help.html:766 msgid "" -"To avoid this situation, use Test PyPI to " -"perform and check your upload first, before uploading to pypi.org." +"This ensures that a given distribution for a given release for a given " +"project will always resolve to the same file, and cannot be " +"surreptitiously changed one day by the projects maintainer or a malicious" +" party (it can only be removed)." msgstr "" -#: warehouse/templates/pages/help.html:762 +#: warehouse/templates/pages/help.html:774 +msgid "" +"To avoid this situation in most cases, you will need to change the " +"version number to one that you haven't previously uploaded to PyPI, " +"rebuild the distribution, and then upload the new distribution." +msgstr "" + +#: warehouse/templates/pages/help.html:783 #, python-format msgid "" "If you would like to request a new trove classifier file a pull request " @@ -7175,7 +7186,7 @@ msgid "" " to include a brief justification of why it is important." msgstr "" -#: warehouse/templates/pages/help.html:770 +#: warehouse/templates/pages/help.html:791 #, python-format msgid "" "If you're experiencing an issue with PyPI itself, we welcome " @@ -7186,14 +7197,14 @@ msgid "" " first check that a similar issue does not already exist." msgstr "" -#: warehouse/templates/pages/help.html:777 +#: warehouse/templates/pages/help.html:798 msgid "" "If you are having an issue is with a specific package installed from " "PyPI, you should reach out to the maintainers of that project directly " "instead." msgstr "" -#: warehouse/templates/pages/help.html:786 +#: warehouse/templates/pages/help.html:807 #, python-format msgid "" "PyPI is powered by the Warehouse project; ." msgstr "" -#: warehouse/templates/pages/help.html:813 +#: warehouse/templates/pages/help.html:834 msgid "" "As of April 16, 2018, PyPI.org is at \"production\" status, meaning that " "it has moved out of beta and replaced the old site (pypi.python.org). It " "is now robust, tested, and ready for expected browser and API traffic." msgstr "" -#: warehouse/templates/pages/help.html:815 +#: warehouse/templates/pages/help.html:836 #, python-format msgid "" "PyPI is heavily cached and distributed via private index." msgstr "" -#: warehouse/templates/pages/help.html:829 +#: warehouse/templates/pages/help.html:850 #, python-format msgid "" "We have a huge amount of work to do to continue to maintain and improve " @@ -7266,22 +7277,22 @@ msgid "" "target=\"_blank\" rel=\"noopener\">the Warehouse project)." msgstr "" -#: warehouse/templates/pages/help.html:834 +#: warehouse/templates/pages/help.html:855 msgid "Financial:" msgstr "" -#: warehouse/templates/pages/help.html:834 +#: warehouse/templates/pages/help.html:855 #, python-format msgid "" "We would deeply appreciate your donations to fund " "development and maintenance." msgstr "" -#: warehouse/templates/pages/help.html:835 +#: warehouse/templates/pages/help.html:856 msgid "Development:" msgstr "" -#: warehouse/templates/pages/help.html:835 +#: warehouse/templates/pages/help.html:856 msgid "" "Warehouse is open source, and we would love to see some new faces working" " on the project. You do not need to be an experienced " @@ -7289,7 +7300,7 @@ msgid "" " you make your first open source pull request!" msgstr "" -#: warehouse/templates/pages/help.html:837 +#: warehouse/templates/pages/help.html:858 #, python-format msgid "" "If you have skills in Python, ElasticSearch, HTML, SCSS, JavaScript, or " @@ -7303,7 +7314,7 @@ msgid "" "here." msgstr "" -#: warehouse/templates/pages/help.html:845 +#: warehouse/templates/pages/help.html:866 #, python-format msgid "" "Issues are grouped into Python packaging forum on Discourse." msgstr "" -#: warehouse/templates/pages/help.html:862 +#: warehouse/templates/pages/help.html:883 #, python-format msgid "" "Changes to PyPI are generally announced on both the %(href)s." msgstr "" -#: warehouse/templates/pages/help.html:873 +#: warehouse/templates/pages/help.html:894 #, python-format msgid "" "More information about this list can be found here: %(href)s." msgstr "" -#: warehouse/templates/pages/help.html:877 +#: warehouse/templates/pages/help.html:898 msgid "" "When Warehouse's maintainers are deploying new features, at first we mark" " them with a small \"beta feature\" symbol to tell you: this should " @@ -7361,11 +7372,11 @@ msgid "" "functionality." msgstr "" -#: warehouse/templates/pages/help.html:878 +#: warehouse/templates/pages/help.html:899 msgid "Currently, no features are in beta." msgstr "" -#: warehouse/templates/pages/help.html:882 +#: warehouse/templates/pages/help.html:903 #, python-format msgid "" "\"PyPI\" should be pronounced like \"pie pea eye\", specifically with the" @@ -7375,39 +7386,39 @@ msgid "" "implementation of the Python language." msgstr "" -#: warehouse/templates/pages/help.html:894 +#: warehouse/templates/pages/help.html:915 msgid "Resources" msgstr "" -#: warehouse/templates/pages/help.html:895 +#: warehouse/templates/pages/help.html:916 msgid "Looking for something else? Perhaps these links will help:" msgstr "" -#: warehouse/templates/pages/help.html:897 +#: warehouse/templates/pages/help.html:918 msgid "Python Packaging User Guide" msgstr "" -#: warehouse/templates/pages/help.html:898 +#: warehouse/templates/pages/help.html:919 msgid "Python documentation" msgstr "" -#: warehouse/templates/pages/help.html:899 +#: warehouse/templates/pages/help.html:920 msgid "(main Python website)" msgstr "" -#: warehouse/templates/pages/help.html:900 +#: warehouse/templates/pages/help.html:921 msgid "Python community page" msgstr "" -#: warehouse/templates/pages/help.html:900 +#: warehouse/templates/pages/help.html:921 msgid "(lists IRC channels, mailing lists, etc.)" msgstr "" -#: warehouse/templates/pages/help.html:903 +#: warehouse/templates/pages/help.html:924 msgid "Contact" msgstr "" -#: warehouse/templates/pages/help.html:905 +#: warehouse/templates/pages/help.html:926 #, python-format msgid "" "The {{ file_name_reuse() }}
  • {% trans %}Filename has been used but file no longer exists{% endtrans %}
  • {% trans %}A file with the exact same content exists{% endtrans %}
    • -

    {% trans %}PyPI does not allow for a filename to be reused, even once a project has been deleted and recreated.{% endtrans %}

    - {% trans test_pypi_href='https://packaging.python.org/guides/using-testpypi/', pypi_href='https://pypi.org', title=gettext('External link') %} - To avoid this situation, use Test PyPI to perform and check your upload first, before uploading to pypi.org. + {% trans %} + PyPI does not allow for a filename to be reused, even once a + project has been deleted and recreated. + {% endtrans %} +

    +

    + {% trans %} + A distribution filename on PyPI consists of the combination of + project name, version number, and distribution type. + {% endtrans %} +

    +

    + {% trans %} + This ensures that a given distribution for a given release for a + given project will always resolve to the same file, and cannot be + surreptitiously changed one day by the projects maintainer or a + malicious party (it can only be removed). + {% endtrans %} +

    +

    + {% trans %} + To avoid this situation in most cases, you will need to change the + version number to one that you haven't previously uploaded to PyPI, + rebuild the distribution, and then upload the new distribution. {% endtrans %}