Hi Martin,
On 1/23/12 5:30 PM, "Martin v. Löwis" wrote:
OAuth would be a most welcome addition!
Can you please flesh out a specification?
I'd be hesitant to add it without a *clear* commitment to using it.
We added OpenID support primarily to support pythonpackages.com,
only to find out that it now uses github accounts :-( I'd be angry
to learn that I implemented yet another feature which is then not
going to be used.
OpenID is still on the table, so I don't want you to get the impression
that we're jumping ship for OAuth. That said, I apologize about leaving
you hanging there; it was certainly not my intention (and I was unaware
until now that OpenId support was added for pythonpackages.com… unless
maybe you are confusing it with opencomparison.org?).
In any event, yes, I can put together a specification. Things should be
easier to discuss now that I have announced the details. Let me do this:
- Between now and March, I'll implement OpenId support on
pythonpackages.com.
- That support will, initially, only be used to verify that someone with
a Github account who has already signed in owns a particular package on
PyPI. As that is clumsy even to describe, I suspect it will only be a
stepping stone to a better approach (but I think it gets me what I want,
which is to publish packages that have shared the maintainer role with
`pythonpackages`. I certainly don't want any pythonpackages.com user to
be able to publish any package on PyPI that has done the same.)
Alex
Regards,
Martin
--
Alex Clark · http://pythonpackages.com
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
