On 04.09.2013 01:51, Nick Coghlan wrote:
On 4 Sep 2013 07:20, M.-A. Lemburg m...@egenix.com wrote:
On 31.08.2013 17:56, Nick Coghlan wrote:
setuptools definitely has its issues, but it's still substantially
superior
to distutils, and has the critical virtue of behaving the *same* in all
Hi,
Paul Moore p.f.moore at gmail.com writes:
On 3 September 2013 22:20, M.-A. Lemburg mal at egenix.com wrote:
IMO, a much better way forward would be to integrate useful setuptools
changes right back into distutils, so that the monkey patching
no longer happens and python-dev can
On 03.09.2013 23:57, Paul Moore wrote:
On 3 September 2013 22:20, M.-A. Lemburg m...@egenix.com wrote:
IMO, a much better way forward would be to integrate useful setuptools
changes right back into distutils, so that the monkey patching
no longer happens and python-dev can officially bless
On 4 September 2013 08:13, M.-A. Lemburg m...@egenix.com wrote:
It's not about reinventing the wheel, it's taking the good bits
from setuptools and moving them into distutils to make them
standard for Python 3.4+, allowing setuptools to stop monkey patching
distutils and extensions to stop
On 04.09.2013 09:27, Paul Moore wrote:
On 4 September 2013 08:13, M.-A. Lemburg m...@egenix.com wrote:
It's not about reinventing the wheel, it's taking the good bits
from setuptools and moving them into distutils to make them
standard for Python 3.4+, allowing setuptools to stop monkey
Hi,
I'm getting the following error when I try to login using OpenID
on PyPI:
Login failed:NotAuthenticated('Replay attack detected', 9)
Is there any known cause for it?
Regards
Antoine.
___
Distutils-SIG maillist - Distutils-SIG@python.org
Hi,
On PyPI:
Please use a mix of different-case letters and numbers in your password
Ok... has anyone decided to play BOFH on this one?
Displaying recommendations is fine (and, why not, some kind of entropy
meter), enforcing stupid rules like that is not.
Regards
Antoine, trying to access
Antoine Pitrou solipsis at pitrou.net writes:
Hi,
Paul Moore p.f.moore at gmail.com writes:
On 3 September 2013 22:20, M.-A. Lemburg mal at egenix.com wrote:
IMO, a much better way forward would be to integrate useful setuptools
changes right back into distutils, so that the monkey
On 4 September 2013 08:51, M.-A. Lemburg m...@egenix.com wrote:
On 04.09.2013 09:27, Paul Moore wrote:
On 4 September 2013 08:13, M.-A. Lemburg m...@egenix.com wrote:
I guess that's what the suggestion is all about: avoiding
reinventing the wheel, endless discussions and instead going
for
On Sep 4, 2013, at 4:27 AM, Antoine Pitrou anto...@python.org wrote:
Hi,
On PyPI:
Please use a mix of different-case letters and numbers in your password
Ok... has anyone decided to play BOFH on this one?
Displaying recommendations is fine (and, why not, some kind of entropy
On 04.09.2013 11:49, Oscar Benjamin wrote:
On 4 September 2013 08:51, M.-A. Lemburg m...@egenix.com wrote:
On 04.09.2013 09:27, Paul Moore wrote:
On 4 September 2013 08:13, M.-A. Lemburg m...@egenix.com wrote:
I guess that's what the suggestion is all about: avoiding
reinventing the wheel,
On Sep 4, 2013, at 6:21 AM, M.-A. Lemburg m...@egenix.com wrote:
I quite like the idea of using setup.py as high level
interface to a package for installers to use, since that
avoids having to dig into the details built into the
setup.py code (and whether it uses setuptools, bento,
custom
Donald Stufft donald at stufft.io writes:
On Sep 4, 2013, at 4:27 AM, Antoine Pitrou antoine at python.org wrote:
Hi,
On PyPI:
Please use a mix of different-case letters and numbers in your password
Ok... has anyone decided to play BOFH on this one?
Displaying
On Sep 4, 2013, at 6:33 AM, Antoine Pitrou anto...@python.org wrote:
Donald Stufft donald at stufft.io writes:
On Sep 4, 2013, at 4:27 AM, Antoine Pitrou antoine at python.org wrote:
Hi,
On PyPI:
Please use a mix of different-case letters and numbers in your password
Ok... has
On Wed, Sep 4, 2013 at 6:33 AM, Antoine Pitrou anto...@python.org wrote:
Donald Stufft donald at stufft.io writes:
On Sep 4, 2013, at 4:27 AM, Antoine Pitrou antoine at python.org wrote:
Hi,
On PyPI:
Please use a mix of different-case letters and numbers in your password
Ok...
On Sep 4, 2013, at 6:50 AM, Jim Fulton j...@zope.com wrote:
On Wed, Sep 4, 2013 at 6:33 AM, Antoine Pitrou anto...@python.org wrote:
Donald Stufft donald at stufft.io writes:
On Sep 4, 2013, at 4:27 AM, Antoine Pitrou antoine at python.org wrote:
Hi,
On PyPI:
Please use a mix of
On 4 September 2013 09:55, Justin Cappos jcap...@poly.edu wrote:
We have integrated PyCrypto into TUF and are planning to distribute binaries
for it along with TUF so that TUF will work smoothly on Windows, Linux, Mac,
etc.
We will have a demo that shows TUF integration into pip later this
On 4 September 2013 11:30, Donald Stufft don...@stufft.io wrote:
On Sep 4, 2013, at 6:21 AM, M.-A. Lemburg m...@egenix.com wrote:
I quite like the idea of using setup.py as high level
interface to a package for installers to use, since that
avoids having to dig into the details built into
On 4 September 2013 11:30, Donald Stufft don...@stufft.io wrote:
On Sep 4, 2013, at 6:21 AM, M.-A. Lemburg m...@egenix.com wrote:
I quite like the idea of using setup.py as high level
interface to a package for installers to use, since that
avoids having to dig into the details built into the
On 4 September 2013 12:05, Oscar Benjamin oscar.j.benja...@gmail.com wrote:
Also would this be sufficient to decouple pip and setuptools (a
reasonable goal in itself)? Or does pip depend on setuptools in more
ways than the distutils monkey-patching?
I've not got round to reviewing the code
On 4 September 2013 11:33, Antoine Pitrou anto...@python.org wrote:
Users don't want their security concerns to be dictated by a service
provider. Programmatically refusing passwords which are deemed too
weak is the kind of policy that I thought had disappeared since the 1990s
(yes, it's been
On 4 September 2013 12:28, Paul Moore p.f.mo...@gmail.com wrote:
(Note by the way that the PyPI restrictions would not accept the
complete text of the above paragraph as a valid password. I bet it has
pretty high entropy, though...)
Whoops, missed the 16-character comment. Teach me to be
On 4 September 2013 12:20, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 12:05, Oscar Benjamin oscar.j.benja...@gmail.com wrote:
Also would this be sufficient to decouple pip and setuptools (a
reasonable goal in itself)? Or does pip depend on setuptools in more
ways than the
On 4 September 2013 12:37, Oscar Benjamin oscar.j.benja...@gmail.comwrote:
What I meant was: If distutils gained the minimal missing setuptools
commands then would that be sufficient to decouple setuptools and pip.
I guess you've answered that above as probably.
OK. But I regard vthat as a
On 4 September 2013 16:44, M.-A. Lemburg m...@egenix.com wrote:
We need to get rid off hacks like setuptools if we ever
want to see light at the end of the packaging tunnel.
Yes, the whole point of formally defining the requirements for the
setup.py CLI (along with a hook system for metadata
On Sep 4, 2013, at 7:13 AM, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 11:30, Donald Stufft don...@stufft.io wrote:
On Sep 4, 2013, at 6:21 AM, M.-A. Lemburg m...@egenix.com wrote:
I quite like the idea of using setup.py as high level
interface to a package for installers to
On Sep 4, 2013, at 7:28 AM, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 11:33, Antoine Pitrou anto...@python.org wrote:
Users don't want their security concerns to be dictated by a service
provider. Programmatically refusing passwords which are deemed too
weak is the kind of
Jim Fulton jim at zope.com writes:
People (at least technical people) should use password managers.
I will gladly use a password manager on my personal computer, just *not*
on a computer which other people may access. In these cases it is important
to be able to choose a rememberable enough
On 4 September 2013 12:58, Nick Coghlan ncogh...@gmail.com wrote:
However, a more significant problem is that the whole idea is based on
pure vapourware. That ideal it's just like setuptools, but with a
more elegant implementation that could be used to replace distutils in
Python 3.4 library
Donald Stufft donald at stufft.io writes:
If you can't maintain a basic level of security on your account maybe
you shouldn't be releasing code for other people to use?
Hey, can you get off your high horses now?
I don't think it's
that hard to remember a 16+ character password that has no
On Wed, Sep 4, 2013 at 8:11 AM, Antoine Pitrou anto...@python.org wrote:
Jim Fulton jim at zope.com writes:
People (at least technical people) should use password managers.
I will gladly use a password manager on my personal computer, just *not*
on a computer which other people may access.
On Wed, Sep 4, 2013 at 9:08 AM, Antoine Pitrou anto...@python.org wrote:
Jim Fulton jim at zope.com writes:
Some password managers (including both that I've used) let you access your
passwords via the web, so they aren't stored locally.
Will they work with setup.py too (e.g. the register
Jim Fulton jim at zope.com writes:
Some password managers (including both that I've used) let you access your
passwords via the web, so they aren't stored locally.
Will they work with setup.py too (e.g. the register command)?
As far as the Web interface is concerned, I would be glad to
On 4 September 2013 22:51, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 12:58, Nick Coghlan ncogh...@gmail.com wrote:
However, a more significant problem is that the whole idea is based on
pure vapourware. That ideal it's just like setuptools, but with a
more elegant
On 4 September 2013 22:53, Antoine Pitrou anto...@python.org wrote:
Well, can I use too or do I have to use
aAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaA?
If that works, you could disable the restriction right now
because it is not securing anything, it's just a feel-good
Jim Fulton jim at zope.com writes:
On Wed, Sep 4, 2013 at 9:08 AM, Antoine Pitrou antoine at python.org
wrote:
Jim Fulton jim at zope.com writes:
Some password managers (including both that I've used) let you access your
passwords via the web, so they aren't stored locally.
Will
On 4 September 2013 23:25, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 14:18, Nick Coghlan ncogh...@gmail.com wrote:
If such projects publish wheel files (modulo us getting the Linux file
naming problem sorted), then the only people the build issues are
likely to hit are those
On 4 September 2013 14:18, Nick Coghlan ncogh...@gmail.com wrote:
If such projects publish wheel files (modulo us getting the Linux file
naming problem sorted), then the only people the build issues are
likely to hit are those that force builds from source (like
zc.buildout and Linux
On Sep 4, 2013, at 9:27 AM, Nick Coghlan ncogh...@gmail.com wrote:
On 4 September 2013 23:25, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 14:18, Nick Coghlan ncogh...@gmail.com wrote:
If such projects publish wheel files (modulo us getting the Linux file
naming problem sorted),
On 4 September 2013 14:27, Nick Coghlan ncogh...@gmail.com wrote:
I was under the impression pip *already* forced the use of setuptools
(to ensure --record is available), so why would pip wheel provoke
any more bug reports than pip install?
It won't, but at the moment the reports are likely to
On Sep 4, 2013, at 9:27 AM, Antoine Pitrou anto...@python.org wrote:
Jim Fulton jim at zope.com writes:
On Wed, Sep 4, 2013 at 9:08 AM, Antoine Pitrou antoine at python.org
wrote:
Jim Fulton jim at zope.com writes:
Some password managers (including both that I've used) let you access
On Sep 4, 2013, at 9:10 AM, Nick Coghlan ncogh...@gmail.com wrote:
I've submitted a
patch to mention the 16 character threshold where all other checks no
longer apply in the error message
This is merged and deployed.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B
Nick Coghlan ncoghlan at gmail.com writes:
On 4 September 2013 22:53, Antoine Pitrou antoine at python.org wrote:
Well, can I use too or do I have to use
aAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaA?
If that works, you could disable the restriction right now
because it is
On Sep 4, 2013, at 9:25 AM, Paul Moore p.f.mo...@gmail.com wrote:
Personally, I don't expect to see published wheels for some time yet.
Just to add numbers to this, there are currently 162 published Wheels on
PyPI which I think is pretty good given the relative newness of a pip that
supports
On Sep 4, 2013, at 9:39 AM, Antoine Pitrou anto...@python.org wrote:
PyPI is not a project like Fedora is. It is a community service for
thousands of different people, with wildly different processes and
constraints. You can't just order anyone use your passwords like
Nick and DOnald do.
On Sep 4, 2013, at 9:46 AM, Antoine Pitrou anto...@python.org wrote:
Nick Coghlan ncoghlan at gmail.com writes:
If the PyPI password restrictions ever feel too onerous, then OpenID
is another alternative (albeit not one that works with the command
line tools). However, you should be able
On 4 September 2013 23:32, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 14:27, Nick Coghlan ncogh...@gmail.com wrote:
I was under the impression pip *already* forced the use of setuptools
(to ensure --record is available), so why would pip wheel provoke
any more bug reports than
Nick Coghlan ncoghlan at gmail.com writes:
If the PyPI password restrictions ever feel too onerous, then OpenID
is another alternative (albeit not one that works with the command
line tools). However, you should be able to use pypissh for CLI access
in that case.
For the record, it seems
I just pushed tox-1.6.1 to PyPI which fixes a number of issues
Also detox-0.9.3, the parallelizing tox runner, is out.
tox aims to automate and standardize testing in Python, see docs:
http://tox.testrun.org
If you want to support tox development other than through contributions
or
On 4 September 2013 23:39, Antoine Pitrou anto...@python.org wrote:
PyPI is not a project like Fedora is. It is a community service for
thousands of different people, with wildly different processes and
constraints. You can't just order anyone use your passwords like
Nick and DOnald do.
Sure
Nick Coghlan ncoghlan at gmail.com writes:
That's the whole reason the content restrictions turn themselves off
once the password hits 16 characters: passphrases are easy to
remember, and generally quite secure. So, no, it's easy to remember
is not an adequate excuse for choosing a poor
On 5 September 2013 00:31, Antoine Pitrou anto...@python.org wrote:
Nick Coghlan ncoghlan at gmail.com writes:
On 4 September 2013 23:39, Antoine Pitrou antoine at python.org wrote:
PyPI is not a project like Fedora is. It is a community service for
thousands of different people, with
On 4 September 2013 13:51, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 12:58, Nick Coghlan ncogh...@gmail.com wrote:
However, a more significant problem is that the whole idea is based on
pure vapourware. That ideal it's just like setuptools, but with a
more elegant
On 5 September 2013 00:59, Antoine Pitrou anto...@python.org wrote:
Nick Coghlan ncoghlan at gmail.com writes:
That's the whole reason the content restrictions turn themselves off
once the password hits 16 characters: passphrases are easy to
remember, and generally quite secure. So, no, it's
On Sep 4, 2013, at 10:30 AM, Oscar Benjamin oscar.j.benja...@gmail.com wrote:
On 4 September 2013 13:51, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 12:58, Nick Coghlan ncogh...@gmail.com wrote:
However, a more significant problem is that the whole idea is based on
pure
On Sep 4, 2013, at 11:28 AM, Nick Coghlan ncogh...@gmail.com wrote:
The *best* answer is for a service to use 2-factor authentication
instead of relying entirely on passwords (the physical object Donald
mentioned earlier), but we don't have the resources to set that up,
and certainly can't
Nick Coghlan ncoghlan at gmail.com writes:
On 4 September 2013 23:39, Antoine Pitrou antoine at python.org wrote:
PyPI is not a project like Fedora is. It is a community service for
thousands of different people, with wildly different processes and
constraints. You can't just order anyone
On 5 September 2013 01:31, Donald Stufft don...@stufft.io wrote:
On Sep 4, 2013, at 11:28 AM, Nick Coghlan ncogh...@gmail.com wrote:
The *best* answer is for a service to use 2-factor authentication
instead of relying entirely on passwords (the physical object Donald
mentioned earlier), but
Donald Stufft donald at stufft.io writes:
On Sep 4, 2013, at 11:28 AM, Nick Coghlan ncoghlan at gmail.com wrote:
The *best* answer is for a service to use 2-factor authentication
instead of relying entirely on passwords (the physical object Donald
mentioned earlier), but we don't have
On Wed, Sep 4, 2013 at 9:44 AM, Nick Coghlan ncogh...@gmail.com wrote:
On 4 September 2013 23:32, Paul Moore p.f.mo...@gmail.com wrote:
On 4 September 2013 14:27, Nick Coghlan ncogh...@gmail.com wrote:
I was under the impression pip *already* forced the use of setuptools
(to ensure --record is
On 09/04/2013 07:27 AM, Nick Coghlan wrote:
I was under the impression pip *already* forced the use of setuptools
(to ensure --record is available)
Sidenote, and already mentioned by MAL upthread, but --record is a
distutils feature, not a setuptools feature, so this is not the reason
pip
On Sep 4, 2013, at 6:47 AM, Donald Stufft wrote:
On Sep 4, 2013, at 9:46 AM, Antoine Pitrou anto...@python.org wrote:
Nick Coghlan ncoghlan at gmail.com writes:
If the PyPI password restrictions ever feel too onerous, then OpenID
is another alternative (albeit not one that works with
On Sep 4, 2013, at 11:53 AM, Antoine Pitrou anto...@python.org wrote:
Donald Stufft donald at stufft.io writes:
On Sep 4, 2013, at 11:28 AM, Nick Coghlan ncoghlan at gmail.com wrote:
The *best* answer is for a service to use 2-factor authentication
instead of relying entirely on
On 4 September 2013 17:20, Carl Meyer c...@oddbird.net wrote:
On 09/04/2013 07:27 AM, Nick Coghlan wrote:
I was under the impression pip *already* forced the use of setuptools
(to ensure --record is available)
Sidenote, and already mentioned by MAL upthread, but --record is a
distutils
Le 30/08/2013 03:23, Paul Moore a écrit :
On 30 August 2013 00:08, Nick Coghlan ncogh...@gmail.com wrote:
We also need to officially bless pip's trick of forcing the use of
setuptools for distutils based setup.py files.
Do we? What does official blessing imply? We've managed for years without
Noah Kantrowitz noah at coderanger.net writes:
Obligatory reminder that we (I) have no intention of supporting pypissh as
we move into the Era of Warehouse.
Really? So what will be the options to upload files easily without stuffing
a password in .pypirc?
Obligatory reminder that we (I) have no intention of supporting pypissh as we
move into the Era of Warehouse.
What *is* the Era of Warehouse, exactly? Is there any documentation which
defines standards, interfaces etc., or a rough time frame/road map for such
documentation? What are the
On Sep 4, 2013, at 11:33 AM, Antoine Pitrou wrote:
Noah Kantrowitz noah at coderanger.net writes:
Obligatory reminder that we (I) have no intention of supporting pypissh as
we move into the Era of Warehouse.
Really? So what will be the options to upload files easily without stuffing
a
Noah Kantrowitz noah at coderanger.net writes:
On Sep 4, 2013, at 11:33 AM, Antoine Pitrou wrote:
Noah Kantrowitz noah at coderanger.net writes:
Obligatory reminder that we (I) have no intention of supporting pypissh as
we move into the Era of Warehouse.
Really? So what will be
On Sep 4, 2013, at 2:36 PM, Vinay Sajip vinay_sa...@yahoo.co.uk wrote:
Obligatory reminder that we (I) have no intention of supporting pypissh as
we move into the Era of Warehouse.
What *is* the Era of Warehouse, exactly? Is there any documentation which
defines standards,
On Sep 4, 2013, at 12:14 PM, Donald Stufft wrote:
On Sep 4, 2013, at 2:36 PM, Vinay Sajip vinay_sa...@yahoo.co.uk wrote:
Obligatory reminder that we (I) have no intention of supporting pypissh as
we move into the Era of Warehouse.
What *is* the Era of Warehouse, exactly? Is
On Sep 4, 2013, at 3:19 PM, Noah Kantrowitz n...@coderanger.net wrote:
On Sep 4, 2013, at 12:14 PM, Donald Stufft wrote:
On Sep 4, 2013, at 2:36 PM, Vinay Sajip vinay_sa...@yahoo.co.uk wrote:
Obligatory reminder that we (I) have no intention of supporting pypissh as
we move into
On 09/04/2013 04:59 PM, Antoine Pitrou wrote:
Nick Coghlan ncoghlan at gmail.com writes:
That's the whole reason the content restrictions turn themselves off
once the password hits 16 characters: passphrases are easy to
remember, and generally quite secure. So, no, it's easy to remember
is not
On Sep 4, 2013, at 3:20 PM, Dag Sverre Seljebotn d.s.seljeb...@astro.uio.no
wrote:
On 09/04/2013 04:59 PM, Antoine Pitrou wrote:
Nick Coghlan ncoghlan at gmail.com writes:
That's the whole reason the content restrictions turn themselves off
once the password hits 16 characters:
74 matches
Mail list logo