Re: the new PyPI, coming next month

2018-04-01 Thread Donald Stufft
> On Apr 1, 2018, at 2:27 AM, Dominik George wrote: > > Hi, > >> To be clear, PGP signatures can still be uploaded and they are still >> available for download, they just don’t appear in the UI anymore. > > So, what does the pypi.debian.net redirector use for uscan?

Re: the new PyPI, coming next month

2018-03-31 Thread Donald Stufft
> On Mar 31, 2018, at 11:23 PM, Scott Kitterman wrote: > > What replaces gpg for ensuring integrity of the uploaded code? To be clear, PGP signatures can still be uploaded and they are still available for download, they just don’t appear in the UI anymore. Longer term

Re: GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Donald Stufft
ed >> that they intend to drop support for signatures entirely. > > Did they give any reasoning for this decision? > https://mail.python.org/pipermail/distutils-sig/2016-May/028933.html <https://mail.python.org/pipermail/distutils-sig/2016-May/028933.html> — Donald Stufft

Re: GnuPG signatures on PyPI: why so few?

2017-03-11 Thread Donald Stufft
load``. I don’t think there is anything like that for Twine. I can’t speak for Ian but I don’t personally see anything inherently wrong with adding a environment variable or config option to twine that allows it to always sign by default. Ian may feel differently though! — Donald Stufft

Re: pip for stretch

2016-11-21 Thread Donald Stufft
as quickly as possible would be a big boon to that. — Donald Stufft

Re: /usr/bin/python2 shebangs

2016-11-01 Thread Donald Stufft
python3 version won't accomplish anything more > than gratuitously break such setups. /usr/bin/python3 being Python 4.x is a bit weird though, and it’s likely that Python 4.x is not going to be another break the world release. — Donald Stufft

Re: New, updated pip coming

2016-01-29 Thread Donald Stufft
alenv and venv will both need wheels that it needs to install for pip, setuptools, and in the case of virtualenv, wheel. I'm not sure what the plan is for those. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
> On Jan 22, 2016, at 6:02 PM, Barry Warsaw <ba...@debian.org> wrote: > > On Jan 22, 2016, at 05:50 PM, Donald Stufft wrote: > >> Forget that pip can fetch files from PyPI and install them for a moment and >> consider the command ``pip install .``.

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
n the debs are installed, so the egg-info/RECORD file *can't* > contain them, at least not accurately. FWIW It appears that if you do setup.py install —no-compile to tell distutils not to compile the .pyc during .deb build time, I believe that as is it will just omit the .pyc files. Not sure if that’s

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
> On Jan 22, 2016, at 11:51 AM, Scott Kitterman <deb...@kitterman.com> wrote: > > On Friday, January 22, 2016 10:54:54 AM Donald Stufft wrote: >>> On Jan 22, 2016, at 10:36 AM, Piotr Ożarowski <pi...@debian.org> wrote: >>> >>> to be honest, I stil

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
ays "Hey, This is a system install" that we can inspect and then take additional logic (like refusing to touch it without a --force) based on that. The change I'm asking for here helps make that possible (among other things). - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
ls (just like pip does) regardless of if it imports setuptools or distutils in it’s setup.py file. ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
> On Jan 22, 2016, at 6:04 PM, Scott Kitterman <deb...@kitterman.com> wrote: > > On Friday, January 22, 2016 05:50:13 PM Donald Stufft wrote: > ... >> We already have an option like this, the —root option which will just append >> a different prefix to all

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-22 Thread Donald Stufft
at is for the simpler projects with some basic C needs, and *maybe* one that is for pure python (but that may be able to be handled by the basic C needs one) though there will be a long tail I’m sure. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C

Amend Debian Python Proposal to Include More Python Metadata?

2016-01-21 Thread Donald Stufft
something at all that Debian would be interested in? - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Amend Debian Python Proposal to Include More Python Metadata?

2016-01-21 Thread Donald Stufft
ooking for things to activate and it comes with a bunch of side effects. This happens implicitly for any project using console scripts. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Dealing with flit -- a simplified packaging of python modules

2015-09-26 Thread Donald Stufft
On September 26, 2015 at 5:30:35 AM, Paul Wise (p...@debian.org) wrote: > On Fri, 2015-09-25 at 19:25 -0400, Donald Stufft wrote: > > > Because the way Python packaging currently is and historically has > > been, binary packages are not something that is widely available or &g

Re: Dealing with flit -- a simplified packaging of python modules

2015-09-25 Thread Donald Stufft
using source packages instead of binary packages and > then complaining that the source tarballs aren't ready-to-run binary > packages? > Because the way Python packaging currently is and historically has been, binary packages are not something that is widely available or viable.

Re: Dealing with flit -- a simplified packaging of python modules

2015-09-25 Thread Donald Stufft
On September 25, 2015 at 8:21:39 PM, Ben Finney (ben+deb...@benfinney.id.au) wrote: > Donald Stufft writes: > > > On September 25, 2015 at 7:24:30 PM, Paul Wise (p...@debian.org) wrote: > > > Why are end users using source packages instead of binary packages >

Re: PyCon BoF: Stretch goals for cPython, PyPy CFFI

2015-04-13 Thread Donald Stufft
. Right now we have the de facto standard of binary, binaryX, and binaryX.Y but that really only sanely handles CPython. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Debian uscan redirector for PyPI

2015-02-05 Thread Donald Stufft
On Feb 5, 2015, at 6:14 PM, Ben Finney ben+deb...@benfinney.id.au wrote: Ben Finney ben+deb...@benfinney.id.au writes: Donald Stufft don...@stufft.io writes: I suggested to #debian-python that a redirector might be better and there is now one at pypi.debian.net. Whe is the VCS

Re: PyPI and debian/watch

2015-02-04 Thread Donald Stufft
On Feb 4, 2015, at 11:20 AM, Barry Warsaw ba...@debian.org wrote: On Feb 04, 2015, at 10:53 AM, Donald Stufft wrote: That same page also mentions that qa.debian.org runs a number of redirectors for sites like SourceForge and GitHub so perhaps a better answer is for Debian QA to run

Re: PyPI and debian/watch

2015-02-04 Thread Donald Stufft
On Feb 4, 2015, at 3:02 PM, Tianon Gravi admwig...@gmail.com wrote: On 4 February 2015 at 06:08, Donald Stufft don...@stufft.io wrote: If it gets implemented it'll live at /uscan/ because it exists primarily to work around the deficiencies that exist in uscan (Particularly the dificulty

Re: Debian uscan redirector for PyPI (was: PyPI and debian/watch)

2015-02-04 Thread Donald Stufft
I'm on my phone currently but I think Barry is using it in the wheel package now. On Feb 4, 2015, at 5:18 PM, Ben Finney ben+deb...@benfinney.id.au wrote: Donald Stufft don...@stufft.io writes: I suggested to #debian-python that a redirector might be better and there is now one

Re: PyPI and debian/watch

2015-02-04 Thread Donald Stufft
On Feb 4, 2015, at 4:32 PM, Stefano Rivera stefa...@debian.org wrote: Hi Donald (2015.02.04_22:06:25_+0200) On 4 February 2015 at 06:08, Donald Stufft don...@stufft.io wrote: If it gets implemented it'll live at /uscan/ because it exists primarily to work around the deficiencies that exist

Re: PyPI and debian/watch

2015-02-04 Thread Donald Stufft
On Feb 4, 2015, at 10:07 AM, Barry Warsaw ba...@debian.org wrote: On Feb 04, 2015, at 08:08 AM, Donald Stufft wrote: If it gets implemented it'll live at /uscan/ because it exists primarily to work around the deficiencies that exist in uscan (Particularly the dificulty in ignoring url

Re: PyPI and debian/watch

2015-02-04 Thread Donald Stufft
systems use with no problem because they can parse the URLs and ignore the URL fragments (or use them for verifying the hash if need be). --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject

Re: Resources/best practices for making a .deb out of a virtualenv

2014-12-31 Thread Donald Stufft
that it can use more recent libraries? (I'm not currently subscribed to the mailing list, but will if that's easer than just CC'ing me or Reply-All'ing me). I’ve used https://github.com/spotify/dh-virtualenv in the past and it worked well. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926

Re: Building Python without SSLv3 breaks requests

2014-11-19 Thread Donald Stufft
Upstream would probably like the patch to fix things when sslv3 is disabled. I think shazow would merge it easily. On Nov 19, 2014, at 6:20 PM, Barry Warsaw ba...@python.org wrote: On Nov 19, 2014, at 08:14 AM, Matthias Klose wrote: I'll wait for the -12 results. I think it would be

Re: 'deviations from upstream' wiki.debian.org/Python docs

2014-07-02 Thread Donald Stufft
- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Packaging of suds-jurko (was: suds)

2014-07-01 Thread Donald Stufft
of the forks. I’d have to talk to Richard to be sure about that but it’s potentially an option. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Bug#750638: ITP: ndg-httpsclient -- enhanced HTTPS support for httplib and urllib2 using PyOpenSSL

2014-06-05 Thread Donald Stufft
for the requests/urllib3 stuff to kick in. It’d probably be a sane idea to use recommends, at least on Python 2.x since using that also prevents CRIME and the like which Python 2.x is vulnerable to else wise IIRC. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F

Re: Bug#750638: ITP: ndg-httpsclient -- enhanced HTTPS support for httplib and urllib2 using PyOpenSSL

2014-06-05 Thread Donald Stufft
On Jun 5, 2014, at 11:47 AM, Daniele Tricoli er...@mornie.org wrote: Hello Donald, On Thursday 05 June 2014 10:24:48 Donald Stufft wrote: You need pyasn1, pyopenssl, and ndg-httpsclient in order for the requests/urllib3 stuff to kick in. Yes, of course: I was keeping an eye on all

Re: Bug#750638: ITP: ndg-httpsclient -- enhanced HTTPS support for httplib and urllib2 using PyOpenSSL

2014-06-05 Thread Donald Stufft
On Jun 5, 2014, at 12:02 PM, Barry Warsaw ba...@debian.org wrote: On Jun 05, 2014, at 11:52 AM, Donald Stufft wrote: Yea it shouldn’t matter on Python 3.x as the SSLContext stuff urllib3 will use to give good defaults there already. Does any of this impact our wheels for virtualenv

Re: Proposed changes to python-virtualenv

2014-06-04 Thread Donald Stufft
it (virtualenvwrapper etc). It also has the benefit that it works across multiple versions of Python, so if someone wants to create Python 2 and Python 3.4 virtual environments, they are likely to be using virtualenv for consistency sake. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

2014-06-03 Thread Donald Stufft
On Jun 3, 2014, at 5:28 AM, Mário Duarte Cruz duartec...@gmail.com wrote: On Mon, Jun 2, 2014 at 2:51 PM, Donald Stufft don...@stufft.io wrote: pip 1.5.6 just upgrades the bundled requests FWIW. I forgot to mention that it breaks if you're sitting behind a proxy (might

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

2014-06-03 Thread Donald Stufft
The fix in 1.5.6 was updating requests. That's the only change. I think Debian needs to update urllib3. That's where the actual fix was. On Jun 3, 2014, at 4:07 PM, Barry Warsaw ba...@debian.org wrote: On Jun 03, 2014, at 11:28 AM, Mário Duarte Cruz wrote: I forgot to mention that it

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

2014-06-03 Thread Donald Stufft
On Jun 3, 2014, at 6:55 PM, Barry Warsaw ba...@debian.org wrote: On Jun 03, 2014, at 04:31 PM, Donald Stufft wrote: The fix in 1.5.6 was updating requests. That's the only change. I think Debian needs to update urllib3. That's where the actual fix was. I think you mean we need to update

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

2014-06-02 Thread Donald Stufft
the bundled requests FWIW. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Proposed changes to python-virtualenv

2014-06-02 Thread Donald Stufft
, which is probably not what most people want (however they can do virtualenv -p python2). - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Proposed changes to python-virtualenv

2014-05-29 Thread Donald Stufft
personally have them but anyone whose ever needed to install a set of Python packages that Debian either doesn’t package, or packages the wrong version of them have the problems that virtualenv/venv solves and virtualenv/venv without pip is practically worthless. - Donald Stufft PGP

Re: Proposed changes to python-virtualenv

2014-05-29 Thread Donald Stufft
capable of creating virtual environments in interpreters other than the one it's installed in. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Dependency of virtual environments on Python wheel (was: Proposed changes to python-virtualenv)

2014-05-29 Thread Donald Stufft
...@lists.debian.org Archive: https://lists.debian.org/85iooo2hez.fsf...@benfinney.id.au - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: wheel support for Debian?

2014-05-19 Thread Donald Stufft
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140519111953.gc8...@jwilk.net - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed

Re: wheel support for Debian?

2014-05-15 Thread Donald Stufft
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140515183201.6acc4...@anarchist.wooz.org - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message

Re: Bug #732703 and fixing ensurepip/pyvenv

2014-05-09 Thread Donald Stufft
, and best to ping me on IRC if you have questions. Cheers, -Barry - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Bug #732703 and fixing ensurepip/pyvenv

2014-05-07 Thread Donald Stufft
been added into sys.path (basically options 2 and 3). I *think* it will work but that should be tested. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Bug #732703 and fixing ensurepip/pyvenv

2014-05-06 Thread Donald Stufft
that. So even if the current method breaks, there is almost certainly going to be a path forward. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Python 3.4 and ensurepip (rehashed, long)

2014-04-04 Thread Donald Stufft
\o/ On Apr 4, 2014, at 7:12 PM, Barry Warsaw ba...@python.org wrote: On Mar 19, 2014, at 05:40 PM, Barry Warsaw wrote: The current situation in the Python 3.4 package is suboptimal because: % pyvenv-3.4 /tmp/zz Error: Command '['/tmp/zz/bin/python3.4', '-Im', 'ensurepip', '--upgrade',

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-26 Thread Donald Stufft
at all and regardless of which format it downloads it unpacks it and installs it. There is no difference in format between what pip installs and any debian package I’ve ever looked at. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-26 Thread Donald Stufft
On Mar 26, 2014, at 9:16 AM, Piotr Ożarowski pi...@debian.org wrote: [Donald Stufft, 2014-03-26] On Mar 26, 2014, at 9:12 AM, Piotr Ożarowski pi...@debian.org wrote: [Barry Warsaw, 2014-03-25] One of the things I'd like to see, in addition to supporting platform-specified system-level

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-26 Thread Donald Stufft
On Mar 26, 2014, at 10:35 AM, Barry Warsaw ba...@debian.org wrote: On Mar 26, 2014, at 09:24 AM, Donald Stufft wrote: In my half formed idea in my head the way it’d work is there’d be a vendor-packages directory where downstream can install things to, and a flag to the interpreter

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-25 Thread Donald Stufft
', 'python-pip']), but that just isn't something that I'd want to do. Right, we wouldn't either I think. Cheers, -Barry - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-25 Thread Donald Stufft
...@limelight.wooz.org - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-21 Thread Donald Stufft
in the system Python currently kind of sucks. I want to make this better eventually! I just don't know how yet or have the cycles to spend investigating it. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-21 Thread Donald Stufft
. I liked Piotr's idea about an option along the lines of -i-know-if-a-break-it-i-keep-both-halves to override that. Scott K - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP

Re: Python 3.4 and ensurepip (rehashed, long)

2014-03-21 Thread Donald Stufft
On Mar 21, 2014, at 3:39 PM, Donald Stufft don...@stufft.io wrote: On Mar 21, 2014, at 3:24 PM, Scott Kitterman deb...@kitterman.com wrote: On Wednesday, March 19, 2014 17:40:51 Barry Warsaw wrote: Signed by ba...@warsaw.us. Show Details TL;DR: Let's re-enable the ensurepip module