PEP-427 - Escaping and Unicode requires wheel and PEP-625 Specification require the sdist files distribution name part to be normalised by replacing all non-alphanumeric characters wit the
_ character. This means that a package name of
a.b-c.d gets transformed to
I’d like to propose to not make this escape for the
. character. The
. character is often used to define namespace packages. E.g. package
pypi.beta is both under the
pypi organization, and often are namespace packages under the
pypi root package. Having the
. in the distribution name makes it easy for systems to determine if a package belongs to a given namespace or not by just looking at the file names. By doing the normalization it’s no longer possible to do this, because package name
a_b_c_d could be either
a.b.c_d and so on.
The use case where I’ve run into this is setting up role-based upload policies for Artifactory.
setuptools does not follow the above recommendation, so one can say that for packages in the
a namespace (starting with
a. in their distribution name) allow users 1, 2 and 3 to upload. Given the above normalization, such policies are no longer configurable because now you no longer are able to determine the namespace of the package by just looking at the filename. Having to open package and look into it makes URL pattern permissioning not possible.
I ran into this while using
hatchling that follows this recommendation. The fact that setuptoools does not follow this tells me should be safe to make this change, unless someone with more understanding of those PEPs can tell otherwise.
Just to clarify take for example package
zope.sqlalchemy. The PyPI URI is Links for zope-sqlalchemy which I’m happy with. But I’d like
zope.sqlalchemy-1.6-py2.py3-none-any.whl to still be valid once you load that page or upload such filename to Links for zope-sqlalchemy
The way PEP-427 is formulated
zope.sqlalchemy-1.6-py2.py3-none-any.whl should be
zope_sqlalchemy-1.6-py2.py3-none-any.whl. I think normalizing characters other than
. in the distribution name should be kept, but let’s not normalize the
. character in the distribution name.
PS. PEP-503 - Normalized Names is what goverens the rewrite of the name in the
https://pypi.org/simple/zope-sqlalchemy which we can keep as is I think.