Skip to content

Project gets "stuck" on most recent release after deleting it #12284

@smheidrich

Description

@smheidrich

Describe the bug
If you delete the most recent release of a project on test.pypi.org (and presumably also on pypi.org, I just don't want to spam that with useless packages) and then upload releases with larger version numbers, PyPI remains "stuck" on the now-deleted release forever: The project's public page keeps showing the deleted release as the most recent one and the newer ones can't be found in the release history either. They are only accessible for the package owner under "Manage project" and under their URLs with explicitly specified version numbers.

Most troublingly however, they're not listed in the index used by pip and it doesn't find the more recent releases even if you specify them explicitly (as in pip install pkg==most.recent.version).

I created a demo project showing this behavior here. Version 0.1.1 was deleted, after which 0.1.2 was uploaded. It still shows 0.1.1 on the project's main page and 0.1.2 is missing in the release history.

Expected behavior
The project's main page, release history and index used by pip should list the releases uploaded after the deleted one.

To Reproduce

  1. Upload a dummy project to test.pypi.org at version 0.1.0.
  2. Upload another version of it, e.g. 0.1.1.
  3. In the PyPI web interface, delete this second version (if you delete the first version, the whole project will become inaccessible - probably a variant of this bug so I won't open another ticket for this).
  4. Upload another more recent release, e.g. 0.1.2.
  5. Notice that this latter release isn't anywhere to be found on the public-facing pages and index.

My Platform
Probably not relevant. Releases were uploaded with twine 4.0.1.

Additional context
This defeats the purpose of deletion, which is meant for (usually urgent) legal complaints and the like. Not only does the release not get deleted, it also becomes impossible to at least "hide it" behind more recent releases. Presumably the only recourse in such cases would be deleting the whole project.

Activity

di

di commented on Sep 28, 2022

@di
Member

This is likely a duplicate of #12214

di

di commented on Sep 28, 2022

@di
Member

Closing as a duplicate of #12214.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug 🐛requires triagingmaintainers need to do initial inspection of issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @di@smheidrich

        Issue actions

          Project gets "stuck" on most recent release after deleting it · Issue #12284 · pypi/warehouse