@file{private-package} is private package, because it contains
@file{.internal} file. It can be uploaded and queries to it are not
-proxied to upstream PyPI. You have to create it manually. If you upload
-GPG signature, then it will be also stored.
+proxied to upstream PyPI. You have to create it manually.
Each packages release file has @code{mtime} set to its upload time.
+Package's serial is a sum of @code{mtime}s of the directory and
+@file{.metadata.rec} (if it exists).