On Sun, Jan 22, 2012 at 12:57 P > > Maybe there's a way to make >> this more secure, like making session based authorization ? Or that's >> what you planned maybe ? >> > > I'm not sure what you mean, but I'm certainly planning lots of things for > the future, assuming things go well. WRT to sessions the app currently uses > Pyramid's auth_tkt policy, which configures a session for anyone that > authorizes the app on github.com. >
I meant giving a temporary access to my PyPI packages from within your application when performing tasks, not a complete & permanent one where you application could perform unwanted tasks at PyPI if the server gets hacked. I am not sure how this could be done practically speaking, it depends on the client UI. Cheers Tarek > > Otherwise cool idea >> > > Thanks > > > Alex > > [1] http://lxc.sourceforge.net/ > [2] > http://devcenter.heroku.com/**articles/config-vars#an_**example<http://devcenter.heroku.com/articles/config-vars#an_example> > > > >> Cheers >> Tarek >> >> On Jan 22, 2012 9:04 AM, "Alex Clark" <acl...@aclark.net >> <mailto:acl...@aclark.net>> wrote: >> >> Folks, >> >> I have created a new service aimed at making it easier to release >> Python packages to PyPI. The primary user is currently: me. And to >> date, I have only released a single package with it: Pillow (well, >> in fact I really only tested a portion of the release process with >> Pillow). >> >> It works like this: >> >> - I have created a "user" `pythonpackages` on PyPI >> - I have uploaded an ssh key [1]. >> - I have added `pythonpackages` as a maintainer of `Pillow`. >> - You can imagine the rest (and if you can't, it's a secret for now.) >> >> Now, I read the TOS very carefully before creating the >> `pythonpackages` "user". And there was nothing in it to indicate >> this action is anything other than "fair use". But I want to bring >> it to the attention of the PyPI maintainers now, in the event the >> service becomes popular later (I know at least I am planning to use >> it quite a bit. And we have ~70 beta users signed up to begin testing.) >> >> The bottom line is: there is now a "user" on the PyPI called >> `pythonpackages` that is in fact not a user, but a website >> (pythonpackages.com <http://pythonpackages.com>). By adding the >> >> "user" `pythonpackages` as a Maintainer to your package, you will be >> able to use the pythonpackages.com <http://pythonpackages.com> >> >> service to automate your release process in some exciting capacity, >> to be revealed soon. This is just one aspect of the service I am >> building, but it is an important milestone that I wanted to share >> (for obvious reasons). >> >> I welcome any comments/questions/concerns. It is my sincere hope >> that at the most, I am not offending anyone with my actions and at >> the least, I am not violating any terms or conditions that I don't >> know about. >> >> Sincerely, >> >> >> Alex Clark >> >> >> [1] I am using pypissh, >> http://pythonpackages.com/__**info/pypissh<http://pythonpackages.com/__info/pypissh> >> >> >> <http://pythonpackages.com/**info/pypissh<http://pythonpackages.com/info/pypissh>> >> (many thanks to Martin von >> Löwis for this). >> >> >> -- >> Alex Clark · http://pythonpackages.com >> >> ______________________________**___________________ >> Catalog-SIG mailing list >> Catalog-SIG@python.org <mailto:Catalog-SIG@python.org**> >> >> http://mail.python.org/__**mailman/listinfo/catalog-sig<http://mail.python.org/__mailman/listinfo/catalog-sig> >> >> <http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig> >> > >> >> >> >> >> ______________________________**_________________ >> Catalog-SIG mailing list >> Catalog-SIG@python.org >> http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig> >> > > > -- > Alex Clark · http://pythonpackages.com > > ______________________________**_________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig> > -- Tarek Ziadé | http://ziade.org
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
