There are author-email and maintainer-email fields. You could also or instead use a mailing list address for the author-email or maintainer-email fields. Newlines work (just like file\nnames)?
With a mailing list, package maintainers can share responsibility (*) and hand off correspondence without forwards and indentation. Google Groups is free; are there alternatives: https://support.google.com/groups/answer/2464926

You can use a third party service to create e.g. GitHub or GitLab issues via email; however, security sensitive information (vulnerabilities, credentials, personal information) may require additional caution and admonitions.

If not otherwise specified in the long description, presumably the author-email and/or maintainer-email address(es) are the correct place to send fair disclosure information.

This could be a separate thread/issue and an additional package metadata field maybe for Package Metadata 1.3? Sorry, a BIT OT.

security-email?

On Thursday, December 7, 2017, Barry Warsaw <ba...@python.org> wrote:

> I think I implicitly knew this, but as I've just released a package (to
> be announced soon) that actually has multiple authors, I found out first
> hand that PyPI rejects uploads where the author-email field isn't a
> completely valid email address, and that there is no support for
> multiple author emails.
>
> As it turns out, you can kludge this into your pyproject.toml or
> setup.py file. flit for example separates multiple emails with a
> newline, but you could also separate them with commas. You don't notice
> the problem until PyPI rejects the upload (with a 400 IIRC).
>
> I filed this issue with flit: https://github.com/takluyver/flit/issues/153
>
> It looks like Thomas agrees that at least flit will eventually validate
> its fields so you error early. It was a bit of a PITA to do my upload
> because I didn't notice the problem until after I'd tagged the repo.
>
> Multiple package authors doesn't seem like that fringe of a use case;
> are there any plans, documents, PEPs, musings, grumbles about supporting
> multiple package authors explicitly?
>
> Cheers,
> -Barry
>
> _______________________________________________
> Distutils-SIG maillist - Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig