Bit of an internal discussion that we re | PyPA | Page 1

atomic jay Apr 6, 2023, 4:11 PM

#

When we remove malware, we prohibit the entire project name. So package-a would no longer be publishable regardless of version.

storm skiff Apr 6, 2023, 4:11 PM

#

Oh hey Dustin. Thanks for the reply-- that is very good to hear, we were concerned our system might be missing some packages, but it sounds like that's not possible.

atomic jay Apr 6, 2023, 4:11 PM

#

Also, point of clarification on your second item: technically the filename cannot be reused, not the version: https://pypi.org/help/#file-name-reuse

storm skiff Apr 6, 2023, 4:12 PM

#

Tracking, thanks for the information, and thank you for your hard work in helping us out with PyPI security ❤️

#Bit of an internal discussion that we re