+1 from my side as well, as mentioned before there's no clear downside to it. Good stuff
czw., 27 cze 2024, 06:34 użytkownik Amogh Desai <amoghdesai....@gmail.com> napisał: > Excellent proposal! I see no down-side to the proposal > > Good investigation on the higher level implementation part as well. > > Thanks & Regards, > Amogh Desai > > > On Wed, Jun 26, 2024 at 10:28 AM Poorvi Rohidekar < > poorvirohidekar....@gmail.com> wrote: > > > Looks like a good proposal. > > > > Regards, > > Poorvi Rohidekar > > > > On Wed, 26 Jun 2024 at 00:28, Aritra Basu <aritrabasu1...@gmail.com> > > wrote: > > > > > Agreed, overall sounds like a positive change. Don't see any issues > with > > it > > > -- > > > Regards, > > > Aritra Basu > > > > > > On Tue, Jun 25, 2024, 10:28 PM Ferruzzi, Dennis > > > <ferru...@amazon.com.invalid> > > > wrote: > > > > > > > Sounds good, I don't see a down side and "supply chain security" has > > been > > > > a big concern lately. > > > > > > > > > > > > - ferruzzi > > > > > > > > > > > > ________________________________ > > > > From: Wei Lee <weilee...@gmail.com> > > > > Sent: Tuesday, June 25, 2024 8:07 AM > > > > To: dev@airflow.apache.org > > > > Subject: RE: [EXT] [PROPOSAL] Use Trusted Publishing workflow for > > Airflow > > > > releases to PyPI > > > > > > > > CAUTION: This email originated from outside of the organization. Do > not > > > > click links or open attachments unless you can confirm the sender and > > > know > > > > the content is safe. > > > > > > > > > > > > > > > > AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur > > externe. > > > > Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne > > > pouvez > > > > pas confirmer l’identité de l’expéditeur et si vous n’êtes pas > certain > > > que > > > > le contenu ne présente aucun risque. > > > > > > > > > > > > > > > > This proposal is great! PyPI security has been valued a lot these > days. > > > > Glad we're also joining. > > > > > > > > Best, > > > > Wei > > > > > > > > > On Jun 25, 2024, at 8:01 PM, Jarek Potiuk <ja...@potiuk.com> > wrote: > > > > > > > > > > Yes and no :) > > > > > > > > > > We publish alpha/betas - yes. No change there. But for RCs what we > > > > publish > > > > > in SVN currently are the packages that are built fro RC tag but > > without > > > > rc > > > > > suffix - so that when they pass the voting we upload them to PyPI > > > without > > > > > regenerating them (RC becomes final). > > > > > > > > > > But we do not publish the PYPI RCs - since PYPI uploads are > > immutable, > > > we > > > > > need to publish PYPI RCs with the rc suffixes. So far we just > > generated > > > > > them and published to PyPI for testing but we did not upload them > to > > > SVN. > > > > > > > > > > > > > > > So if we want to pull RCs from SVN - we need to upload there both: > > the > > > RC > > > > > version for PyPI (with RC suffix) and the no-suffix candidate that > > > might > > > > > become the final version once voted. > > > > > > > > > > J > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org > > > > For additional commands, e-mail: dev-h...@airflow.apache.org > > > > > > > > > > > > > >
