It is possible to upload duplicate (nevra) packages per repository
Currently (1.15.2/3.4.2) it is possible to upload a package with a duplicate nevra, but differing digest. The package is uploaded successfully and it is difficult to determine which instance of the package is which.
This can cause issues in CI tools (or general user oops) in that duplicate packages can be uploaded. Not to mention I have no idea how Yum will handle this (likely poorly, I did not verify however pulp issue suggests so). I was able to remove the offending package, but I had to drop to the api and "guess" which was the correct one (the older package id). Pulp has an outstanding issue 213 that mentions this.
My request is that for now, the api default denies attempts to duplicate NEVRA uploads for a given repository. Maybe adding a
overwrite flag if appropriate.
Related IRC discussion on the matter.