Comment by ctmnt
2 days ago
Ah, my mistake! Thanks for the correction.
But I believe you can replace versions on both, nonetheless. It’s a multi-step process, unpublish then publish again. But the net effect is the same.
If you lock your dependencies, it should fail if the hash doesn't match.
PyPI enforces immutable releases.
https://pypi.org/help/#file-name-reuse
> PyPI does not allow for a filename to be reused, even once a project has been deleted and recreated...
> This ensures that a given distribution for a given release for a given project will always resolve to the same file, and cannot be surreptitiously changed one day by the project's maintainer or a malicious party (it can only be removed).
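The "lock your dependencies and fail on a hash mismatch" point above, as an added example that is not part of the thread or of pip itself: a small checker that parses a lock file written in pip's `--hash=sha256:<hex>` syntax and applies the same rules pip uses under `--require-hashes` (every requirement must carry a hash, the downloaded file's digest must match one of the pinned digests, otherwise the install is refused). The package names, artifact bytes and the deliberately wrong pin for `other-lib` are all constructed for the demonstration.

```python
import hashlib
import re

# Constructed stand-ins for downloaded distribution files (not real packages).
ARTIFACTS = {
    "example-lib-1.2.0.tar.gz": b"example-lib 1.2.0 contents (constructed)",
    "other-lib-0.3.1.tar.gz": b"other-lib 0.3.1 contents (constructed)",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A constructed lock file in pip's --hash syntax. The pin for other-lib is
# deliberately wrong (all zeros) to show what a tampered or swapped file looks
# like to the checker; unpinned-lib carries no hash at all.
LOCK_FILE = f"""\
example-lib==1.2.0 \\
    --hash=sha256:{sha256_hex(ARTIFACTS['example-lib-1.2.0.tar.gz'])}
other-lib==0.3.1 --hash=sha256:{'0' * 64}
unpinned-lib==2.0.0
"""

REQ_LINE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\s\\]+)(?P<rest>.*)$")
HASH_OPT = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<digest>[0-9a-f]+)")


def parse_lock_file(text: str) -> dict:
    """Return {name: (version, {sha256 digests})}, joining backslash continuations."""
    joined = text.replace("\\\n", " ")
    pins = {}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {line!r}")
        digests = {
            h.group("digest")
            for h in HASH_OPT.finditer(m.group("rest"))
            if h.group("alg") == "sha256"
        }
        pins[m.group("name")] = (m.group("version"), digests)
    return pins


def verify_artifact(pins: dict, name: str, version: str, data: bytes) -> tuple:
    """Mirror pip's --require-hashes rules: a requirement must be pinned with at
    least one hash, and the file's digest must equal one of the pinned digests."""
    if name not in pins:
        return False, f"{name}: not in lock file"
    pinned_version, digests = pins[name]
    if pinned_version != version:
        return False, f"{name}: version {version} != pinned {pinned_version}"
    if not digests:
        return False, f"{name}: no --hash pin (rejected under --require-hashes)"
    actual = sha256_hex(data)
    if actual not in digests:
        return False, f"{name}: sha256 mismatch (got {actual[:12]}..., expected one of {sorted(d[:12] for d in digests)})"
    return True, f"{name}=={version}: hash ok"


def check_all(lock_text: str, artifacts: dict) -> dict:
    """Check every artifact against the lock file. Name and version are taken
    from the 'name-version.tar.gz' filename pattern used by the constructed data."""
    pins = parse_lock_file(lock_text)
    results = {}
    for filename, data in artifacts.items():
        stem = filename[: -len(".tar.gz")]
        name, version = stem.rsplit("-", 1)
        results[name] = verify_artifact(pins, name, version, data)
    return results


if __name__ == "__main__":
    for name, (ok, msg) in check_all(LOCK_FILE, ARTIFACTS).items():
        print("PASS" if ok else "FAIL", msg)
```

With real pip the equivalent is `pip install --require-hashes -r requirements.txt` against a file generated by a tool such as `pip-compile --generate-hashes`; the checker above only makes the decision rule visible. Note that a hash pin protects against a file being swapped for a different one, but it does not by itself tell you whether the pinned file was trustworthy when it was first locked.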