Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-16488

PyPi proxy repositories don't normalize artifact names.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.9.0
    • Fix Version/s: None
    • Component/s: PyPI
    • Story Points:
      1
    • Notability:
      3

      Description

      Per PEP 503 PyPi repositories should normalize the names of artifacts stored in them.  This is being done for hosted repositories, but it is not currently done for proxy repositories. 

      Specifically, the normalization requires that:

      only valid characters in a name are the ASCII alphabet, ASCII numbers, ., and . The name should be lowercased with all runs of the characters ., {}, or  replaced with a single - character. 

      This means that duplication of stored packages can occur, since the name stored in the proxy repository will be the one it was requested with, not the normalized name.  It also will cause confusion, components retrieved through proxy repositories will not always have the same name as what is stored on the remote.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title