[lxml-dev] lxml 2.0.4 released
Martijn Faassen
faassen at startifact.com
Tue Apr 15 15:48:22 CEST 2008
Hey Stefan,
On Tue, Apr 15, 2008 at 1:22 PM, Stefan Behnel <stefan_ml at behnel.de> wrote:
> I know, I normally wouldn't do that, sorry. But in this case, there were some
> 10 minutes between the time I sent the release mail and deleting the source
> tar from PyPI, and less than 20 minutes before having the fix up. It usually
> takes a couple of days to weeks to walk up into Debian etc., and I don't
> expect many people to jump on the train within seconds, so the harm done here
> should really be negligible...
I know the harm done is probably neglible, but that's only "probably"
you still shouldn't do it. :)
People who use easy_install or zc.buildout might've hit the 10 minute
window and will end up with a slightly different version. People are
pulling stuff from the cheeseshop automatically quite frequently these
days. Your average Plone buildout includes lxml, for instance.
> Note also that PyPI presents the MD5 sum of the file, so you can click on that
> to see if what you have is what you want. If there is a problem (admittedly unlikely), it might be quite a while before they consider
> checking MD5 sums.
Anyway, it's up to you, of course. It's just that even while doing
this was low-risk, the risk can be entirely eliminated instead.
Regards,
Martijn
P.S. I should add that overall you're doing a most excellent job with
lxml, much better than I could've done myself. So this is just a small
issue while I actually continue to be blissfully happy. :)
More information about the lxml-dev
mailing list