Since late January, the Python Package Index (PyPI) supports archiving projects/packages. This is, in fact, a very welcome feature, since it makes clear, without any doubt, when a package is no longer maintained and will not receive any further updates.
It makes it easier for a person looking for packages to know which ones deserve a closer inspection and which ones are sitting there abandoned, polluting the results.
Previously, the only viable way to retire a package was by adding a disclaimer to the README, and letting it sit there indefinitely, being treated just like the other active packages.
“You had the option of deleting the package”, you might say. Yes, but as I explained in a previous post, this is dangerous and should be avoided. So, archiving is in my view the best course of action when a person no longer wants to maintain their published packages and projects.
With this in mind, this week I decided to do my part and archive old packages that I had published for different reasons and that had been sitting there abandoned for years. These were:
- mdvis: a small package I wrote many years ago, mostly to learn how to publish things on PyPI.
- auto-tune: something I was about to start working on for a previous employer and that was cancelled at the last minute.
- django-cryptolock: an experiment done for a previous client. It tried to implement an existing proposal for an authentication scheme, using Monero wallets.
- monero-python: a few years ago, during my day-to-day work, this package was removed (then renamed by the original author). At the time, it was a direct dependency for many projects and tools, which meant a malicious actor could have taken it and compromised those systems. As a precaution, I grabbed the open name. It has been there empty ever since.
Now it is your turn.
After a sufficient number of packages get marked as archived, we can hope for some enhancements to the search functionality of PyPI. Namely, a way of filtering out archived packages from the results and a visual marker for them in the list view. One step at a time.