warehouse: Ability to mark a version of a package as deprecated or unsupported

Then warehouse can serve that info back when pip looks up a package, and pip can display a warning.

This allows maintainers to inform users that theyr’e using an out of date version, without needing them to modify the source of the old package.

About this issue

  • Original URL
  • State: open
  • Created 10 years ago
  • Reactions: 14
  • Comments: 16 (8 by maintainers)

Most upvoted comments

NPM allows the package owners/authors to declare the package as deprecated, adding a very visible message on the package’s page about it.

See https://www.npmjs.com/package/iltorb for example.

Here’s a proposal: Add a “deprecate package and yank all releases” button in the Manage Project page.

It’ll let the owner provide a message that’s presented prominently on the package page and would, as the name suggests, also yank all the existing releases. New releases cannot be made for a deprecated package. It’ll be possible for an owner to un-deprecate a package, but this operation would not un-yank the past releases.

+4
pradyunsg on Oct 5, 2020

Nobody can expect that a dead/unmaintained project to be able to make a new release just to declare itself as dead. We really need an wheelhouse API option to declare packages as obsolete, just we have the ability to yank or remove stuff.

+2
ssbarnea on Jan 6, 2023

Now that PEP 592 is accepted and #5837 is resolved, I hope you will consider looking at the yanking feature and see whether it suits your needs? Yanking is one way to mark a package as deprecated but it may not suit all your use cases.

+2
brainwane on Apr 23, 2020

This came up during a Pycon dinner conversation. IWBNI the admins could similarly mark a package. We were discussion the still active use of oauth despite the fact that it’s been unmaintained (with no new uploads) upstream since 2009, isn’t py3 compatible, there are better replacements (albeit with different APIs) on PyPI, and yet oauth still comes up as the top search hit. We don’t want people using the package any more, but we also don’t want to break existing usages. I’d like to see the package deprecated with a pip warning on install, and also down-rank the package in PyPI searches.

+2
warsaw on Apr 11, 2015

I think just a warning on pip install to start.

On Sat Dec 20 2014 at 12:53:12 PM Marc Abramowitz notifications@github.com wrote:

I’m guessing pip would display this warning when you do pip list –outdated and it’s a stronger warning than the outdated warning?

Would it also not allow you to do a pip install of that deprecated versions without some kind of force?

— Reply to this email directly or view it on GitHub https://github.com/pypa/warehouse/issues/345#issuecomment-67749289.

+2
alex on Dec 20, 2014
Read more comments on GitHub
← warehouse: 404 when download package
warehouse: API Tokens for old repositories too long for Travis CI encrypt →