Trusted publishing: pending publisher should warn about ultranormalized name collision

[twm]

What's the problem this feature will solve?

I created a pending publisher when I named my package:

But when I tried to use it I got an error:

Error: Trusted publishing exchange failure:
Token request failed: the server refused the request for the following reasons:

• invalid-payload: The name 'coveragepth' is too similar to an existing project. See https://pypi.org/help/#project-name for more information.

It's probably colliding with coverage_pth, the abandoned package I'm trying to replace.

Describe the solution you'd like

The PyPI UI should warn that the pending publisher will fail to create the package due to a name conflict. I'd expect this check to happen on page load, since the UI warns that races are possible:

Alternatively, it could be treated as a form validation error like a closer match does:

Additional context

Related issues:

• Ultranormalization encourages name squatting #11139
• Add the ability to reserve a name #2082

[woodruffw]

Thanks for the report @twm!

I agree this should be a form error, like the second screenshot you posted.

(A variant of this error will still be possible when a project with a too-similar name is created between the pending publisher's creation and use. But that should be much less common.)

[woodruffw]

I've asked @DarkaMaul to take a look at fixing this 🙂

[twm]

Thanks @woodruffw! I would also be happy to give it a go myself if that'd be helpful.

[woodruffw]

No problem with me!