Soft Deletes Meta Issue #6091

Open
1 task
ewdurbin opened this issue Jun 25, 2019 · 5 comments
Labels
meta Meta issues (rollouts, etc)

Comments

@ewdurbin
Member

Currently, all deletes are good and proper Deletions.

This imposes quite a bit of risk for moderator activities, causes confusion and frustration for maintainers, and blocks us from implementing some important features down the line.

This issue is a "Meta Issue" for tracking progress on soft deletion implementation for models for which it makes sense.

Currently:

@di di added the meta Meta issues (rollouts, etc) label Jan 15, 2020
@benjaoming
Contributor

benjaoming commented Mar 4, 2020

Is this issue okay to use for feedback/input? Otherwise, I'll happily delete and post elsewhere.

Here is a scenario that might cause frustrations in the future, as the pattern might propagate: Bots (like dependabot) + Pipenv.lock + package deletion = 😖

This is already happening.

In this scenario, bots create updates (PRs) for Pipenv.lock that are hard for humans to read, they quickly and automatically pass the build, and once they are merged, they're broken -- because the package takes a while for a human to delete, and PRs take a while for humans to merge.

There are some ingredients in the deletion that can perhaps be put to use?

  • Statistics = 0-10 downloads: If (almost) no one ever used the release or project, then fine just delete it. The threshold should of course be defined and adapted over time.
  • <30 minutes ago: Soft deletion is possible but the number of downloads is visible to the one deleting the release with a big warning.
  • >30 minutes ago: You cannot delete the package. It's considered "in the wild" and only a malicious package will be marked as deleted.
  • Marked as deleted: Future pip releases should be able to raise an exception "This release was deleted by the owner or package index administrators".

@di
Member

di commented Mar 4, 2020

Hi @benjaoming, thanks for the feedback. I think that this issue would be resolved by completing #5837 and implementing "yanking" as an alternative to performing a deletion (regardless of whether it's a hard delete or a soft delete), as you would still be able to pin to a yanked package without issue.
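
Added example, not part of the thread and not Warehouse or pip code: a minimal resolver showing why a lock-file pin survives a yank but breaks on a hard delete, following the installer rule suggested in PEP 592 (yanked files are ignored unless an exact `==` pin matches only them). `Release`, `select`, `lockfile_outcomes` and the index contents are constructed for illustration, and version ordering is simplified to dotted integers.

```python
# Added illustration; the index data below is constructed, not real PyPI data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Release:
    version: str
    state: str = "live"  # "live", "yanked", or "deleted" (hard delete)


def _key(version):
    # Simplified ordering: dotted integers only (assumption, not full PEP 440).
    return tuple(int(part) for part in version.split("."))


def select(index, requirement):
    """Return the version an installer would pick, or None if unsatisfiable.

    requirement is "" (any version) or "==X.Y.Z" (exact pin, as in a lock file).
    """
    # A hard-deleted release is no longer listed by the index at all.
    visible = [r for r in index if r.state != "deleted"]
    pinned = requirement.startswith("==")
    if pinned:
        visible = [r for r in visible if r.version == requirement[2:]]
    live = [r for r in visible if r.state == "live"]
    if live:
        return max(live, key=lambda r: _key(r.version)).version
    # Only yanked candidates remain: usable solely through an exact pin.
    if pinned and visible:
        return visible[0].version
    return None


def lockfile_outcomes(removal_state):
    """Resolve an unpinned request and a locked pin after 2.0.0 changes state."""
    index = [Release("1.9.0"), Release("2.0.0", removal_state)]
    return select(index, ""), select(index, "==2.0.0")


if __name__ == "__main__":
    for state in ("live", "yanked", "deleted"):
        unpinned, locked = lockfile_outcomes(state)
        print(f"2.0.0 {state:8} unpinned -> {unpinned}, ==2.0.0 -> {locked}")
```
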

@ewdurbin
Member Author

ewdurbin commented Aug 2, 2023

https://github.com/flipbit03/sqlalchemy-easy-softdelete seems to be a potential option for implementing soft-deletes.

@miketheman
Member

@woodruffw
Member

More xreffing: https://discuss.python.org/t/pep-763-limiting-deletions-on-pypi/69487 and PEP 763 for limiting deletions on PyPI (i.e. moving 100% to yanks/soft deletes).
