On Wed, Mar 13, 2013 at 1:23 AM, M.-A. Lemburg m...@egenix.com wrote:
On 13.03.2013 07:28, Nick Coghlan wrote:
On Tue, Mar 12, 2013 at 12:59 PM, M.-A. Lemburg m...@egenix.com wrote:
I think we should establish a versioned API like that for PyPI
to make progress easier. All major web APIs use
On Wed, Mar 13, 2013 at 11:19 PM, Nick Coghlan ncogh...@gmail.com wrote:
On Wed, Mar 13, 2013 at 1:23 AM, M.-A. Lemburg m...@egenix.com wrote:
On 13.03.2013 07:28, Nick Coghlan wrote:
On Tue, Mar 12, 2013 at 12:59 PM, M.-A. Lemburg m...@egenix.com wrote:
I think we should establish a versioned
On Wed, Mar 13, 2013 at 5:16 PM, Carl Meyer c...@oddbird.net wrote:
There is no instead of. There are parallel proposals (see the TUF
thread) to improve the security of the ecosystem, and those proposals
are not mutually exclusive with this one. If you search the PEP text,
note that you don't
On 3/14/13 3:03 AM, Nick Coghlan wrote:
I think what you currently propose (signing the metadata pip already
understands) is a good first step, especially if we can have PyPI
signing *all* the target metadata in the initial deployment, and defer
the delegation to package developers until the
On Wed, Mar 13, 2013 at 23:43 -0700, Nick Coghlan wrote:
On Wed, Mar 13, 2013 at 5:16 PM, Carl Meyer c...@oddbird.net wrote:
There is no instead of. There are parallel proposals (see the TUF
thread) to improve the security of the ecosystem, and those proposals
are not mutually exclusive
On 12.03.2013 22:26, PJ Eby wrote:
On Tue, Mar 12, 2013 at 3:59 PM, M.-A. Lemburg m...@egenix.com wrote:
On 12.03.2013 19:15, M.-A. Lemburg wrote:
I've run into a weird issue with easy_install, that I'm trying to solve:
If I place two files named
egenix_mxodbc_connect_client-2.0.2-py2.6.egg
On 3/14/13 4:58 AM, holger krekel wrote:
I haven't followed the latest TUF discussions and related docs in
depths yet but if those developments will regard simple/ as a deprecated
interface, i think this PEP here should maybe not introduce
simple/-with-externals as it will just make the
On Thu, Feb 7, 2013 at 10:19 AM, Jim Fulton j...@zope.com wrote:
On Wed, Feb 6, 2013 at 3:15 AM, Nick Coghlan ncogh...@gmail.com wrote:
As folks may be aware, I am moderating a panel called Directions in
Packaging on the Saturday afternoon at PyCon US.
Before that though, I am also organising
Maybe a different way to say it is that the current TUF integration doc
assumes that it is desirable to make minimal change to PyPI's layout and
pip, easy_install, etc. while adding security. We made several choices
based upon this assumption, including using and retaining the /simple dir.
If
On Thu, Mar 14, 2013 at 7:13 AM, Justin Cappos jcap...@poly.edu wrote:
Maybe a different way to say it is that the current TUF integration doc
assumes that it is desirable to make minimal change to PyPI's layout and
pip, easy_install, etc. while adding security. We made several choices
based
On Thu, Mar 14, 2013 at 12:54 AM, M.-A. Lemburg m...@egenix.com wrote:
The index itself is just a bag of things and, as such, one that's very
well suited to publish data, since it can easily be exposed in form
of static files, which can be put on a CDNs or mirrored using
rsync.
The TUF
Yes, Nick's suggestions are good ones.
I'd agree that getting an initial deployment together that doesn't include
things like custom metadata is probably for the best. We can certainly
add things incrementally.
Thanks,
Justin
On Thu, Mar 14, 2013 at 3:21 AM, Trishank Karthik Kuppusamy
On Thu, Mar 14, 2013 at 6:07 AM, M.-A. Lemburg m...@egenix.com wrote:
On 12.03.2013 22:26, PJ Eby wrote:
On Tue, Mar 12, 2013 at 3:59 PM, M.-A. Lemburg m...@egenix.com wrote:
On 12.03.2013 19:15, M.-A. Lemburg wrote:
I've run into a weird issue with easy_install, that I'm trying to solve:
If
On 14.03.2013 17:39, PJ Eby wrote:
On Thu, Mar 14, 2013 at 6:07 AM, M.-A. Lemburg m...@egenix.com wrote:
On 12.03.2013 22:26, PJ Eby wrote:
On Tue, Mar 12, 2013 at 3:59 PM, M.-A. Lemburg m...@egenix.com wrote:
On 12.03.2013 19:15, M.-A. Lemburg wrote:
I've run into a weird issue with
On Thu, Mar 14, 2013 at 2:11 PM, M.-A. Lemburg m...@egenix.com wrote:
Is there any way to have 0.13.1.1.0.1.5-something sort before
0.13.1.1.0.1.5 ? (e.g. like is done for release candidates)
Make it 0.13.1.1.0.1.5-devsomething, and it'll have lower
precedence than both 0.13.1.1.0.1.5 and
15 matches
Mail list logo