Agreed, overall sounds like a positive change. Don't see any issues with it -- Regards, Aritra Basu
On Tue, Jun 25, 2024, 10:28 PM Ferruzzi, Dennis <ferru...@amazon.com.invalid> wrote: > Sounds good, I don't see a down side and "supply chain security" has been > a big concern lately. > > > - ferruzzi > > > ________________________________ > From: Wei Lee <weilee...@gmail.com> > Sent: Tuesday, June 25, 2024 8:07 AM > To: dev@airflow.apache.org > Subject: RE: [EXT] [PROPOSAL] Use Trusted Publishing workflow for Airflow > releases to PyPI > > CAUTION: This email originated from outside of the organization. Do not > click links or open attachments unless you can confirm the sender and know > the content is safe. > > > > AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. > Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez > pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que > le contenu ne présente aucun risque. > > > > This proposal is great! PyPI security has been valued a lot these days. > Glad we're also joining. > > Best, > Wei > > > On Jun 25, 2024, at 8:01 PM, Jarek Potiuk <ja...@potiuk.com> wrote: > > > > Yes and no :) > > > > We publish alpha/betas - yes. No change there. But for RCs what we > publish > > in SVN currently are the packages that are built fro RC tag but without > rc > > suffix - so that when they pass the voting we upload them to PyPI without > > regenerating them (RC becomes final). > > > > But we do not publish the PYPI RCs - since PYPI uploads are immutable, we > > need to publish PYPI RCs with the rc suffixes. So far we just generated > > them and published to PyPI for testing but we did not upload them to SVN. > > > > > > So if we want to pull RCs from SVN - we need to upload there both: the RC > > version for PyPI (with RC suffix) and the no-suffix candidate that might > > become the final version once voted. > > > > J > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org > For additional commands, e-mail: dev-h...@airflow.apache.org > >
