Re: [Distutils] [Python-ideas] Pypi private repo's

2018-04-04 Thread Jannis Gebauer
What if there was some kind of “blessed” entity that runs these services and puts the majority of the revenue into a fund that funds development on PyPi (maybe through the PSF)? Jannis > On 4. Apr 2018, at 23:24, Dustin Ingram wrote: > > This was recently discussed on the

[Distutils] Building a Python package build service for warehouse

2018-02-06 Thread Jannis Gebauer
Hi! I’m currently working on a package build server. My goal is to produce useful additional meta data for all packages available on PyPi. This includes: - Transitive dependencies - Is the package installable under Python 3? - Various automated “code quality” tests like pylint, pyflakes, pep8,

Re: [Distutils] Announcement: Pip 10 is coming, and will move all internal APIs

2017-10-20 Thread Jannis Gebauer
Thanks for the heads-up, Paul. I’m currently using `pip.get_installed_distributions` and as far as I can see that has moved into `_internal`, too: https://github.com/pypa/pip/blob/master/src/pip/_internal/utils/misc.py#L333

Re: [Distutils] Getting dependecies of package from PyPiJSON

2017-07-20 Thread Jannis Gebauer
btainable via JSON Api? > > Best, > Krzysztof > > 2017-07-20 15:04 GMT+02:00 Jannis Gebauer <ja@me.com>: > Hi Krzysztof, > > Two options, e.g. for the “graphene” package: > > - https://pypi.python.org/pypi/graphene

Re: [Distutils] Getting dependecies of package from PyPiJSON

2017-07-20 Thread Jannis Gebauer
Hi Krzysztof, Two options, e.g. for the “graphene” package: - https://pypi.python.org/pypi/graphene/json - https://pypi.org/pypi/graphene/json Best, Jannis > On 20. Jul 2017, at 14:55, Krzysiek Płachno

Re: [Distutils] Malicious packages on PyPI

2017-06-01 Thread Jannis Gebauer
> This makes me remember > https://hackernoon.com/building-a-botnet-on-pypi-be1ad280b8d6 > on a related > note. Yep, that’s basically the same thing. Instead of using package names of builtins, the attacker is using a

[Distutils] The sad and insecure state of commercial private package indexes

2017-04-21 Thread Jannis Gebauer
pip and PyPi regularly but have no idea about the internals. This was a huge surprise to them. My problem with this is that PyPi and pip will look bad if this is ever going to be abused. What are your thoughts on this? — Jannis Gebauer

[Distutils] Data on requirement files on GitHub

2017-03-08 Thread Jannis Gebauer
. If you have any ideas on what to do with the data, please let me know. — Jannis Gebauer [0]: https://cloud.google.com/bigquery/public-data/github [1]: https://github.com/jayfk/requirements-dataset