Offer a discouraged/deprecated releases option?

[ncoghlan]

(Migrated from #726 (comment))

Legacy PyPI had an oft-confusing feature called "hidden releases", which allowed a release to be completely hidden from the web UI, while still leaving it available in the API for installers to access.

Warehouse doesn't implement that feature due to the inherently confusing nature of having client tools be able to install a release that humans can't see in the web UI.

Having, there may be value in offering a way for projects to mark a release as "discouraged", and indicate that in the UI in some fashion that doesn't involve hiding it completely.

[di]

This sounds a bit more like #345 than the legacy-style feature (which could be toggled at-will)

[ncoghlan]

I think they're slightly different things, although definitely related (more a difference in degree than in kind).

One way of looking at it: #345 seems to be mainly about putting up "Danger: Keep Out" signs, whereas this would be more about being able to put up a "Watch Your Step" sign (and perhaps have alpha and beta releases get the "Watch Your Step" marker by default).

[brainwane]

@ncoghlan what do you think of #1462?

[mulka]

Leaving my 2 cents here:

I found a package on pypi that wasn't being updated, so created a fork, and pushed the new version as a separate package on pypi. Then, the original maintainer came back and assigned it to a new maintainer who got the project back up to date. I'd like to mark my fork as deprecated. If anyone is using it, they should probably switch back to the original package. So, I'd like a way to say this on the pypi page without having to upload a new release via command line. I'd like to just use the web UI.

[brainwane]

@mulka Now that PEP 592 is accepted and implemented #5837, take a look at the yanking feature and see whether it works for your use case?

[mulka]

@brainwane Ok, so I just tested the yanking feature. I yanked the only release for django-twilio2. Now the project page shows a 404, but you can still install it using pip install django-twilio2. So, that's kind of weird, but for my use case it is probably fine. This makes me think that what @ncoghlan said in this issue originally isn't quite true any more with the yanking feature: "Warehouse doesn't implement that feature due to the inherently confusing nature of having client tools be able to install a release that humans can't see in the web UI."

[mulka]

Oh, and it looks like the page for the specific release still shows up and doesn't seem to indicate that it has been yanked: https://pypi.org/project/django-twilio2/0.9.0/

[dstufft]

@mulka I think you should open a bug report about Warehouse's behavior when yanking the only release a project has. We generally don't want that page to 404, the only reason it's 404ing for you is you don't have any unyanked releases to display there. We might want to adjust our logic to do something different.

[di]

Thanks for the report @mulka, I'm looking into this, no need to make a bug report.

[di]

OK, I fixed @mulka's issue:

• https://pypi.org/project/django-twilio2/ is no longer 404
• https://pypi.org/project/django-twilio2/0.9.0/ is no longer 500

Also, I'm going to call this issue fixed & a duplicate of #5837!

[tiegz]

Hey all, I found this issue and noticed that the API endpoint for django-twilio2 still 404s, which seemed inconsistent with the web url no longer 404'ing: https://pypi.org/pypi/django-twilio2/json. Is that intentional?

[di]

That looks like a bug, thanks! I filed #8966.