[Distutils] Re: Packaging optional, arch-dependent, pre-built libraries

Is there some easy way to solve this specifically with cibuildwheel? https://github.com/joerick/cibuildwheel : > - Builds manylinux, macOS 10.9+, and Windows wheels for CPython and PyPy > - Works on GitHub Actions, Azure Pipelines, Travis CI, AppVeyor, CircleCI, and GitLab CI > - Bundles

[Distutils] Re: pip and missing shared system system library

On Sun, Aug 9, 2020, 3:28 PM Wes Turner wrote: > Are you requesting an implementation of autotools / autoconf / pkg-config > / libtool in Python, in setuptools? > > Existing workarounds for building and distributing portable binaries: > > W/ shared library dependenci

[Distutils] Re: pip and missing shared system system library

Are you requesting an implementation of autotools / autoconf / pkg-config / libtool in Python, in setuptools? Existing workarounds for building and distributing portable binaries: W/ shared library dependencies: - auditwheel & manylinux - package managers which support arbitrary binary packages

[Distutils] Re: twine upload & network robustness

warehouse.forklift.legacy._is_valid_dist_file() https://github.com/pypa/warehouse/blob/master/warehouse/forklift/legacy.py#L603 https://github.com/pypa/warehouse/blob/master/docs/api-reference/legacy.rst#upload-api : > The API endpoint served at upload.pypi.org/legacy/ is Warehouse’s emulation

[Distutils] Re: Archive this list & redirect conversation elsewhere?

How to subscribe to all threads of discourse On Tue, Aug 4, 2020 at 6:02 PM Brett Cannon wrote: > > > On Thu, Jul 30, 2020 at 8:41 AM Wes Turner wrote: > >> I confess that I don't even know how to subscribe to all threads of a >> discourse. >> >> -

[Distutils] Re: Archive this list & redirect conversation elsewhere?

I confess that I don't even know how to subscribe to all threads of a discourse. - [ ] How to subscribe to all threads of discourse So, I'd miss security or release announcements only posted to discourse and not distutils-sig (or pypa-dev, which IMHO has the more appropriate scope name in that

[Distutils] Re: Improving Communication

- [ ] Communications flowchart - [ ] Bot for mailing list <> Discourse trackbacks On Sun, May 6, 2018, 5:33 AM Pradyun Gedam wrote: > Sorry for poking an old thread. I actually wanted to respond earlier but > life got in the way. > > Just a small point though. > > On Sat, Apr 21, 2018 at 7:37

[Distutils] Re: pip resolver work chugging along

On Tue, Mar 24, 2020 at 5:24 PM Tzu-ping Chung wrote: > To expand a little on the topic, there are multiple abstraction layers > required to make the new resolver useful as a separate package. > > ResolveLib (mentioned in Paul’s message) is an dependency resolver > implementation in abstract,

[Distutils] Re: pip resolver work chugging along

https://zulipchat.com/integrations/version-control - https://zulipchat.com/integrations/doc/github - https://zulipchat.com/integrations/doc/github_detail On Tue, Mar 24, 2020 at 5:18 PM Wes Turner wrote: > Issue and Pull Request Templates: > - https://github.com/devspace/awesome-gith

[Distutils] Re: pip resolver work chugging along

Issue and Pull Request Templates: - https://github.com/devspace/awesome-github-templates - Sometimes, a blank issue template option seems most welcoming When users have issues with the resolver, the most helpful thing for them to do may be to add a test case. IDK what the best way to do that

[Distutils] Re: pip resolver work chugging along

ject board: https://github.com/pypa/pip/projects/5 A note in the README and the docs regarding testing the new resolver might be good too. On Tue, Mar 24, 2020 at 3:55 PM Wes Turner wrote: > IIRC, the issue for this (or one of the issues for this great work) is: > "New Resolver: Ro

[Distutils] Re: pip resolver work chugging along

IIRC, the issue for this (or one of the issues for this great work) is: "New Resolver: Rollout, Feedback Loops and Development Flow" https://github.com/pypa/pip/issues/6536 On Tue, Mar 24, 2020 at 3:03 PM Paul Moore wrote: > It's already available as a separate package: >

[Distutils] Re: The base docker images for manylinux appear to be private

On Tue, Feb 25, 2020, 10:03 PM Wes Turner wrote: > > Is there a reason the new manylinux does not just extend centos:6? > https://github.com/pypa/manylinux/blob/master/docker/glibc/README.rst : > Summary: Because of https://mail.python.org/pipermail/wheel-builders/2016-December

[Distutils] Re: The base docker images for manylinux appear to be private

I agree. The manylinux docker images should be entirely reproducible from source. Is there a reason the new manylinux does not just extend centos:6? https://github.com/pypa/manylinux/blame/master/docker/Dockerfile-x86_64

[Distutils] Re: Packaging Summit 2020: Save the Date!

On Tue, Jan 14, 2020, 8:47 PM Dustin Ingram wrote: > Thank you Paul for organizing! > Thanks! In the meantime, Source: https://github.com/pypa Homepage: https://www.pypa.io/en/latest/ - Goals - Specifications - Roadmap - ** Presentations & Activities **

[Distutils] Re: Linux binary wheels?

FWIW, conda supports the e.g. armv7l aarch32 and armv8 aarch64 / "ARM64" platforms. Third-party-built packages are the norm there; where there are channels like conda-forge and rpi. What does it mean to sign a CI build from a given unsigned git tag? "Build conda packages for ARM"

[Distutils] Re: Linux binary wheels?

How does this proposal differ from manylinux2010? https://github.com/pypa/manylinux/blob/master/README.rst#example PEP 513: manylinux1 https://www.python.org/dev/peps/pep-0513/ PEP 571: The manylinux2010 Platform Tag (latest, as of 2019) https://www.python.org/dev/peps/pep-0571/ On Monday,

[Distutils] Re: Seeking a new maintainer for packaging.python.org and Twine.

Thanks for Twine! On Friday, July 19, 2019, Pradyun Gedam wrote: > Thanks Thea for all of the work you've done! > > Best, > Pradyun > > On Sat, 20 Jul 2019 at 4:03 AM, Thea Flowers via Distutils-SIG < > distutils-sig@python.org> wrote: > >> Hi friends! >> I'm stepping away from several things

[Distutils] Re: Docker builds, ~/.pip/cache, and O(1) or O(n) bandwidth

gt; On Tue, May 7, 2019, 11:59 Alex Becker wrote: > >> You can use a local PyPI mirror, e.g. devpi, and point your docker builds >> at that, basically tricking docker by going through the (local) network >> stack instead of the filesystem. >> >> On Tue, May 7, 2019 at

[Distutils] Docker builds, ~/.pip/cache, and O(1) or O(n) bandwidth

What is the best way to build docker images without constantly re-downloading packages from PyPI (to use ~O(1) bandwidth instead of O(n) for every build) (AFAIK, nobody has any issue with the amount of bandwidth PyPI uses) Thus far, Docker doesn't want to support a build-time -v option (that

[Distutils] Re: Adding namespace support to PyPi (continuation from PyPA Summit/Sprint)

On Tue, May 7, 2019 at 10:01 AM Wes Turner wrote: > What do namespaces offer over forking, diffing, reviewing the latest > commits, and installing from your GH fork URL commit hash? IIUC, one of the primary objectives for namespaces is to enable a user to store state like ("We'

[Distutils] Re: Adding namespace support to PyPi (continuation from PyPA Summit/Sprint)

What do namespaces offer over forking, diffing, reviewing the latest commits, and installing from your GH fork URL commit hash? When I try to install 'westurner/pip' and 'pip' is already installed, what should it do? Should pypa/setuptools_scm include the namespace in the version tag? If my

[Distutils] Re: PyPI security work: multifactor auth progress & help needed

Is webauthn the multi-factor / 2FA spec to implement now? It's now approved; so while you experts are working on it it may be worth a look to just implement webauthn while we have funding for experts https://www.w3.org/TR/webauthn/ Discourse mentions FIDO. FIDO2 is webauthn, AFAIU. There are a

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Jeremy Stanley wrote: > On 2019-02-12 18:42:29 -0500 (-0500), Wes Turner wrote: > [...] > > All it has to be is an archive containing a setup.py. > > > > "MD5 considered harmful today: > > Creating a rogue CA certificate" (20

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Jeremy Stanley wrote: > On 2019-02-12 17:02:25 -0500 (-0500), Wes Turner wrote: > > On Tuesday, February 12, 2019, Wes Turner wrote: > [...] > > > It is possible to find a nonce value that causes an arbitrary package > to > > > hav

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Trishank Kuppusamy < trishank.kuppus...@datadoghq.com> wrote: > On Tue, Feb 12, 2019 at 5:32 PM Cooper Ry Lees wrote: > >> TUF should be handled via a grant from Facebook this year once Ernest and >> I get this underway: >>

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Wes Turner wrote: > > > On Tuesday, February 12, 2019, Jeremy Stanley wrote: > >> On 2019-02-12 13:37:20 -0500 (-0500), Wes Turner wrote: >> > MD5 is no longer suitable for verifying package integrity. >> > >> &g

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Jeremy Stanley wrote: > On 2019-02-12 13:37:20 -0500 (-0500), Wes Turner wrote: > > MD5 is no longer suitable for verifying package integrity. > > > > https://en.wikipedia.org/wiki/MD5#Security > > > > > The security of the MD5 h

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Wes Turner wrote: > > > On Tuesday, February 12, 2019, Alex Becker wrote: > >> Also note that the simple API only includes a single hash for each file, >> and may use md5 hashes instead of sha256 (technically it may use any of the >&

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Alex Becker wrote: > Also note that the simple API only includes a single hash for each file, > and may use md5 hashes instead of sha256 (technically it may use any of the > hash algorithms guaranteed by hashlib, but I've only seen those two). The > JSON API will

[Distutils] Re: API for SHA-256 fingerprints

On Tuesday, February 12, 2019, Eric Peterson < epeter...@interactivebrokers.com> wrote: > > [...]. I am wondering if there is a programmatic way to access the SHA-256 > for a file (besides just scraping the web page)? Ideally there would be > some way to construct a URL based on the name of the

[Distutils] Re: pip + safety

Wes Turner wrote: > https://github.com/pypa/pipenv/blob/master/pipenv/patched/safety/safety.py > : > > def write_to_cache(db_name, data): > # cache is in: ~/safety/cache.json > # ... > def fetch_database(...) > > On Tuesday, February 12, 2019, Wes Turner wrote: &g

[Distutils] Re: pip + safety

https://github.com/pypa/pipenv/blob/master/pipenv/patched/safety/safety.py : def write_to_cache(db_name, data): # cache is in: ~/safety/cache.json # ... def fetch_database(...) On Tuesday, February 12, 2019, Wes Turner wrote: > Good call. I didn't realize that that's how safety wo

[Distutils] Re: pip + safety

way for any tool to reliably know what *actually* is installed. > > -- > Tzu-ping Chung (@uranusjr) > uranu...@gmail.com > Sent from my iPhone > > On 12 Feb 2019, at 11:34, Wes Turner wrote: > > Would something like this require: > > - a pip extension/plugin/post-ins

[Distutils] Re: pip + safety

Would something like this require: - a pip extension/plugin/post-install hook API - a post-install hook that discloses all installed packages and versions (from pypi.org, mirrors, local directory) in exchange for checking and online security DB - a way to specify a key to e.g. pyup GItHub and

[Distutils] Re: History of python packaging

https://packaging.python.org https://github.com/pypa/python-packaging-user-guide - A history.rst document would be a useful addition On Sunday, October 14, 2018, Dustin Ingram wrote: > Hi Konstantin, > > You might find my PyCon talk "How Python Packaging Works" useful for a > general timeline:

[Distutils] Re: History of python packaging

est/history.html#credits On Sunday, October 14, 2018, Wes Turner wrote: > https://packaging.python.org > https://github.com/pypa/python-packaging-user-guide > - A history.rst document would be a useful addition > > On Sunday, October 14, 2018, Dustin Ingram wrote: > >> Hi Konst

[Distutils] Re: setuptools API compatibility

Setuptools setup.py scripts *are* generally forward compatible; though some features are deprecated from time to time. https://setuptools.readthedocs.io/en/latest/history.html - Ctrl-F "Deprecated" https://setuptools.readthedocs.io/en/latest/roadmap.html

[Distutils] Re: SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

echo 2 > /sys/kernel/debug/x86/ibrs_enabled (Coss-posting to distutils-sig, as C extensions may be the most likely abuse vector) # Forwarded message From: Wes Turner Date: Mon, Sep 17, 2018 at 3:41 PM Subject: Re: SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-regis

[Distutils] Re: SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

ps://mail.python.org/pipermail/python-ideas/2018-September/053175.html > ~ Do trampolines / nested functions in C extensions switch off the NX bit? On Sunday, September 16, 2018, Nathaniel Smith wrote: > On Wed, Sep 12, 2018, 12:29 Joni Orponen wrote: > >> On Wed, Sep 12, 2018 at 8:48

[Distutils] Re: SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

"What is a retpoline and how does it work?" https://stackoverflow.com/questions/48089426/what-is-a-retpoline-and-how-does-it-work On Wednesday, September 12, 2018, Wes Turner wrote: > On Wednesday, September 12, 2018, Joni Orponen > wrote: > >> On Wed, Sep 12, 2018 at

[Distutils] Re: SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

On Wednesday, September 12, 2018, Joni Orponen wrote: > On Wed, Sep 12, 2018 at 8:48 PM Wes Turner wrote: > >> Should C extensions that compile all add >> `-mindirect-branch=thunk -mindirect-branch-register` [1] to mitigate the >> risk of Spectre variant 2 (which does

[Distutils] Re: Adopting virtualenv package maintenance

"What is the difference between venv, pyvenv, pyenv, virtualenv, virtualenvwrapper, pipenv, etc?" https://stackoverflow.com/questions/41573587/what-is-the-difference-between-venv-pyvenv-pyenv-virtualenv-virtualenvwrappe virtualenvwrapper still depends on virtualenv, AFAIU

[Distutils] Re: Environment markers for GPU/CUDA availibility

Would warehouse need to be extended to support additional non-exclusive environment markers? On Monday, September 3, 2018, Nick Coghlan wrote: > On Mon., 3 Sep. 2018, 5:48 am Ronald Oussoren, > wrote: > >> >> What’s the problem with including GPU and non-GPU variants of code in a >> binary

[Distutils] Re: Environment markers for GPU/CUDA availibility

What are the conditionals/criteria? - non Von Neumann (hardly debuggable)? - GPUs - CUDA support - TPUs - If the GPU card is detected but the drivers aren't installed, what should it do? On Friday, August 31, 2018, Tzu-ping Chung wrote: > I’m not knowledgable about GPUs, but from limited

[Distutils] Re: pipenv and pip

On Monday, August 20, 2018, Paul Moore wrote: > On Mon, 20 Aug 2018 at 10:54, Wes Turner wrote: > > > > What stable API would be worth maintaining in pip for others to use? > > That's probably the sort of question that can only be usefully > answered by projects

[Distutils] Re: pipenv and pip

What stable API would be worth maintaining in pip for others to use? "[Distutils] Announcement: Pip 10 is coming, and will move all internal APIs" https://groups.google.com/forum/m/#!topic/pypa-dev/JVTfS6ZdAuM On Monday, August 20, 2018, Chris Jerdonek wrote: > Thanks. Is the state of

[Distutils] Re: Is ensurepip still a thing?

Is there a build script that automates vendoring in the latest pip? I see checkpip.py, which only checks the version. https://docs.python.org/3/library/ensurepip.html https://www.python.org/dev/peps/pep-0453/#updating-the-private-copy-of-pip

[Distutils] Re: Packaging Advice for EFF's Certbot

ist. While these packages exist in > OS repos, some users will continue to use them regardless of the > alternative packaging approach we take. Unless the current issues are > resolved and we’re confident new ones in the future will be fixed quickly > as well, I think we need to offer alternati

[Distutils] Re: Packaging Advice for EFF's Certbot

not even forks of unofficial configs and no consensus These also need to be part of the CI build. On Thursday, July 26, 2018, Wes Turner wrote: > > > >> If we didn’t want to trust any binaries built by someone else or > proprietary code, how much work would that be? &

[Distutils] Re: Summary of PyPI overhaul in new LWN article

Hey, what's the latest on this? - Python PEP458: - https://www.pypa.io/en/latest/roadmap/#pypi-integrate-tuf On Wed, Apr 18, 2018 at 5:43 PM Trishank Kuppusamy < trishank.kuppus...@datadoghq.com> wrote: > >

[Distutils] Re: Packaging Advice for EFF's Certbot

>> If we didn’t want to trust any binaries built by someone else or proprietary code, how much work would that be? - Docker Notary (The Update Framework) - PEP 458, PEP 480 (TUF) - Host GPG .asc(s) for things you just found ## To build the whole toolchain yourself? Build, Package, Install,

[Distutils]Re: Handing over default BDFL-Delegate responsibilities for packaging interoperability PEPs to Paul Moore

Thanks Nick and Paul! Are there a few links which best describe the state of python packaging interoperability PEPs? https://www.pypa.io/en/latest/ https://www.pypa.io/en/latest/roadmap/ https://packaging.python.org/ https://github.com/pypa/interoperability-peps

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

; such as dropping a script or a binary with execute permissions into a directory at the top of the $PATH. On Friday, June 1, 2018, Nick Coghlan wrote: > On 1 June 2018 at 02:11, Wes Turner wrote: > >> On Thursday, May 31, 2018, Matthias Klose wrote: >> >>> On 26.05.201

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Thursday, May 31, 2018, Matthias Klose wrote: > On 26.05.2018 14:59, Nick Coghlan wrote: > > On Sat., 26 May 2018, 4:25 am Donald Stufft, wrote: > > > >> > >> > >> On May 25, 2018, at 12:44 PM, Thomas Kluyver > wrote: > >> > >> It's more annoying for scripts - on common Linux distributions,

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

.uk> wrote: > On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote: > > ~/.local/bin is user-writeable. If ~/.local was on PATH or by default, it > could potentially preempt/modify the behavior of system libraries and > binaries; which is a security risk. > > > I

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Friday, May 25, 2018, Wes Turner <wes.tur...@gmail.com> wrote: > > > On Friday, May 25, 2018, Thomas Kluyver <tho...@kluyver.me.uk> wrote: > >> On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote: >> > As an user, I want to use "sudo pip inst

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Friday, May 25, 2018, Thomas Kluyver wrote: > On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote: > > As an user, I want to use "sudo pip install" because packages > > installed in /usr (or /usr/local) are accessible without having to > > touch PYTHONPATH: the

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

Maybe `sudo pip install` should: - create a chroot && mkdir --prefix - drop privileges* - pip install - chown -R root:root - mv chroot/prefix/* prefix/ In most cases, the user does not need to run the (unreviewed, unsigned) code as root; neither should they run the (unreviewed, unsigned)

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Wednesday, May 23, 2018, Michael Sarahan <msara...@anaconda.com> wrote: > > > On Wed, May 23, 2018 at 3:45 PM, Wes Turner <wes.tur...@gmail.com> wrote: > >> >> >> On Wednesday, May 23, 2018, Michael Sarahan <msara...@anaconda.com> >> wro

[Distutils] Re: org-mode README file formats

Pypa/readme is what Warehouse uses to render rst and markdown long_descriptions to safe HTML. https://github.com/pypa/readme_renderer There are a number of org-mode implementations; even for a few for Vim and Sublime. https://en.m.wikipedia.org/wiki/Org-mode#Integration ``conda install pandoc``

[Distutils] Re: proposing Python package index upload API spec (potential PEP)

I move to define PyPA and Warehouse HTTP APIs with OpenAPI definitions. https://swagger.io/specification/ https://github.com/OAI/OpenAPI-Specification/blob/OpenAPI.next/versions/3.0.0.md > OPENAPI SPECIFICATION > > The OpenAPI specification (formerly known as the Swagger Specification) is a

[Distutils] This list will soon be migrating to Mailman 3

; the '-- ' helps indicate what can/should (?) be trimmed from the reply chain in order to keep it under 40KB. Is 40KB still the mm message size limit? On Tuesday, May 1, 2018, Mark Sapiro <m...@msapiro.net> wrote: On 04/30/2018 11:37 AM, Wes Turner wrote: > > > > - Is there a way to hide

[Distutils] Re: This list will soon be migrating to Mailman 3

Looking good. The signature footer from the message from you that ends with "I think it's fixed now." appears to collapse in the Gmail interface, but no longer does with the new, helpful footer? - Is there a way to hide these list footer links in an email signature block? - If there are two

[Distutils] Re: This list will soon be migrating to Mailman 3

On Sunday, April 29, 2018, Mark Sapiro <m...@msapiro.net> wrote: > On 04/29/2018 10:54 AM, Wes Turner wrote: > > > > -- > > ___ > > %(real_name)s maillist - To unsubscribe send an email to >

[Distutils] Re: This list will soon be migrating to Mailman 3

On Sunday, April 29, 2018, Mark Sapiro wrote: > On 04/27/2018 09:19 PM, Nick Coghlan wrote: > > > > The list migration to Mailman 3 has now been requested, and is expected > > to start around 1600 UTC, Sunday April 29th. Mark Sapiro will be > > handling the migration for us

Re: [Distutils] Improving Communication

On Saturday, April 21, 2018, James Bennett wrote: > Pulling in a sort-of success story from another large project, I like the > general way things happen in Django. > > For developers proposing an idea or fixing a bug: > > * There's IRC (#django-dev) for quick,

Re: [Distutils] Improving Communication

On Saturday, April 21, 2018, Wayne Werner <waynejwer...@gmail.com> wrote: > > > On Fri, Apr 20, 2018, 9:54 PM Wes Turner <wes.tur...@gmail.com> wrote: > >> >> >> On Friday, April 20, 2018, Donald Stufft <don...@stufft.io> wrote: >&g

[Distutils] Improving Communication

On Friday, April 20, 2018, Donald Stufft wrote: > Currently in the packaging space, we have a number of avenues for > communication, which are: > > - distutils-sig > - pypa-dev > - virtualenv-users > - Other project specific mailing lists > - IRC > - gitter > - Various issue

Re: [Distutils] File handling- tab separated files

This is the python distutils list for discussions regarding python packaging. For help with using the Python standard library, try the docs and/or the python tutor mailing list. https://www.google.com/search?q=site:docs.python.org+tsv https://www.python.org/community/lists/#tutor

Re: [Distutils] Pip 10.0 has been released

Thanks! On Saturday, April 14, 2018, Thomas Kluyver wrote: > Thanks and congratulations to everyone who has worked on pip! > > On Sat, Apr 14, 2018, at 1:47 PM, Paul Moore wrote: > > On behalf of the PyPA, I am pleased to announce that pip 10.0 has just > > been released.

Re: [Distutils] Summary of PyPI overhaul in new LWN article

>From "TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519" https://mail.python.org/pipermail/distutils-sig/2018-March/032081.html : > Are there pypa/warehouse github issues for implementing the TUF trust root support in warehouse; and client support in pip (or a module that pip and other tools

Re: [Distutils] providing a way for pip to communicate extra info to users

A MOTD from anything but a signed package would be user-supplied input. Shell/terminal command ^[escaping would be necessary: https://stackoverflow.com/questions/6534556/how-to-remove-and-all-of-the-escape-sequences-in-a-file-using-linux-shell-sc Impact: Are additional requests and variable

Re: [Distutils] Distributing packages to offline machines

On Friday, April 6, 2018, Ben Finney wrote: > Nick Coghlan writes: > > > Keep a requirements.txt file or `Pipfile` in source control, then run > > CI jobs based on that repo […] > > What is a “Pipfile”? https://docs.pipenv.org/

Re: [Distutils] Distributing packages to offline machines

Have you already tried `pip download --platform`? https://pip.pypa.io/en/stable/reference/pip_download/#cmdoption-platform It may be worth setting up devpi (maybe in a container) and caching the packages; particularly for CI: https://packaging.python.org/guides/index-mirrors-and-caches/

Re: [Distutils] Removing wheel signing features from the wheel library

/mail.python.org/pipermail/distutils-sig/2018-March/032081.html I split the thread. Thanks for the explanation. > > On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner <wes.tur...@gmail.com> wrote: > >> >> >> On Thursday, March 22, 2018, Daniel Holth <dho...@

Re: [Distutils] Removing wheel signing features from the wheel library

On Thursday, March 22, 2018, <alex.gronh...@nextday.fi> wrote: > to, 2018-03-22 kello 16:40 -0400, Wes Turner kirjoitti: > > > > On Thursday, March 22, 2018, Daniel Holth <dho...@gmail.com> wrote: > > The feature was a building block that was intended to be use

[Distutils] TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519

9 https://theupdateframework.github.io/ https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#the-update-framework-specification On Thursday, March 22, 2018, Trishank Kuppusamy < trishank.kuppus...@datadoghq.com> wrote: > Hi Wes, > > On Thu, Mar 22, 2

Re: [Distutils] Removing wheel signing features from the wheel library

isn't the most common thing, but >> it's the main documentation of the wheel format and it'll save confusion >> later. >> >> On Mar 22, 2018 10:57 AM, "Wes Turner" <wes.tur...@gmail.com> wrote: >> >>> What maintenance is required? >>> >&

Re: [Distutils] Removing wheel signing features from the wheel library

What maintenance is required? Here's a link to the previous discussion of this issue: "Remove or deprecate wheel-signing features" https://github.com/pypa/wheel/issues/196 What has changed? There is still no method for specifying a keyring; whereas with GPG, all keys in the ring are trusted.

[Distutils] It should be possible to set a custom pypirc location

"Custom location for .pypirc file" https://stackoverflow.com/questions/37845125/custom-location-for-pypirc-file - https://github.com/pypa/setuptools/blob/master/ setuptools/package_index.py#L997

Re: [Distutils] print module

https://www.google.com/search?q=Which+module+do+I+import+to+use+print%3F (the StackOverflow result answers your question) https://www.google.com/search?q=python+print+function (first result) https://docs.python.org/3/search.html?q=Print (second result -> print function)

Re: [Distutils] Deprecating/Removing OpenID/Google login support for PyPI

python-social-auth supports OAuth 1, OAuth 2, OpenID, SAML with many auth providers and python trsmeworks; including Pyramid, BitBucket, Google, GitHub, GitLab, https://python-social-auth.readthedocs.io/en/latest/ http://python-social-auth.readthedocs.io/en/latest/backends/

Re: [Distutils] RFC: PEP 566 - Metadata for Python Software Packages 1.3

On Monday, December 11, 2017, Dustin Ingram wrote: > After working a bit on an implementation of the "JSON-compatible > Metadata" section in this PEP, I'm noticing that it might be more > useful if it had the following step instead for canonicalizing the > field names: > > > #. All

Re: [Distutils] RFC: PEP 566 - Metadata for Python Software Packages 1.3

>From "[distutils] Multiple package authors" [1] - How should multiple author-email and maintainer-email addresses be specified? - Should we add security-email and/or security-disclosure-instructions? [1] http://markmail.org/thread/xmwfktnsbmpakv6b On Wednesday, December 6, 2017, Nick Coghlan

Re: [Distutils] Multiple package authors

There are author-email and maintainer-email fields. You could also or instead use a mailing list address for the author-email or maintainer-email fields. Newlines work (just like file\nnames)? With a mailing list, package maintainers can share responsibility (*) and hand off correspondence

Re: [Distutils] pythonhosted.org doc upload no longer works

Is there a recommended way to redirect docs that weren't updated before new uploads were prevented? (The mailing list thread about this change is further up in the thread) On Monday, November 20, 2017, Ronald Oussoren wrote: > > On 20 Oct 2017, at 14:42, Ronald Oussoren

Re: [Distutils] Where to get help changing ownership of Pypi package?

There's a "package claim" label in the pypa/pypi-legacy Github issue tracker: https://github.com/pypa/pypi-legacy/issues What is the documented procedure for handling transfer of package ownership? On Sunday, November 5, 2017, Stuart Axon via Distutils-SIG < distutils-sig@python.org> wrote: >

Re: [Distutils] [Python-ideas] Add processor generation to wheel metadata

Maybe the anaconda team has some insight on a standard way to capture (& configure) compiler versions and flags in package metadata? From https://www.anaconda.com/blog/developer-blog/announcing-the-release-of-anaconda-distribution-5-0/ : > The Anaconda 5.0 release used very modern compilers to

Re: [Distutils] Wheel 1.0 roadmap

REQ: feedback re: "Remove or deprecate wheel signing features #196" https://github.com/pypa/wheel/issues/196 Is the current implementation incomplete without signature verification? According to the spec? ``` The spec includes this feature. So, even though this verify() function is incomplete,

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

- Are there issue tickets which contain the search-indexed ERROR_STRINGS users may encounter due to this change? - Does it make sense to add an update regarding this necessary security upgrade to https://status.python.org (which can be subscribed to and followed on

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

On Friday, October 27, 2017, Paul Moore wrote: > On 27 October 2017 at 22:22, Alex Domoradov > wrote: > > I got it. And what I should do with old system? For e.g. we still use > ubuntu > > 12.04. Is there any way to upgrade pip/setuptools?

Re: [Distutils] Re PEP 508

https://docs.python.org/devguide/pullrequest.html https://github.com/python/peps/issues/new https://github.com/python/peps/blob/master/pep-0508.txt On Sunday, October 22, 2017, Michael Laing wrote: > I have a correction and a couple of possible improvements to the

Re: [Distutils] Entry points: specifying and caching

On Saturday, October 21, 2017, Nick Coghlan wrote: > On 20 October 2017 at 23:42, Donald Stufft > wrote: > >> On Oct 20, 2017, at 9:35 AM, Nick Coghlan >

Re: [Distutils] Entry points: specifying and caching

On Friday, October 20, 2017, Doug Hellmann wrote: > Excerpts from Wes Turner's message of 2017-10-20 10:41:02 -0400: > > On Friday, October 20, 2017, Donald Stufft > wrote: > > > > > > > > > > > On Oct 20, 2017, at 9:35 AM, Nick Coghlan

Re: [Distutils] Documentation link on PyPI.org

> https://www.google.com/search?q=TLSV1_ALERT_PROTOCOL_VERSION Looks like TLSv1 (TLS 1.0) is deprecated. https://www.google.com/search?q=TLSV1_ALERT_PROTOCOL_VERSION+twine https://github.com/pypa/twine/issues/273 > > > On Sun, Aug 27, 2017, 13:01 Ronald Oussoren <r

Re: [Distutils] Entry points: specifying and caching

On Friday, October 20, 2017, Donald Stufft wrote: > > > On Oct 20, 2017, at 9:35 AM, Nick Coghlan > wrote: > > On 20 October 2017 at 23:19, Donald Stufft

Re: [Distutils] Entry points: specifying and caching

On Friday, October 20, 2017, Thomas Kluyver wrote: > On Fri, Oct 20, 2017, at 01:36 PM, Donald Stufft wrote: > > Entry points have a lot of problems and I know of multiple systems that > have either moved away from them, had to hack around how bad they are, have > refused

Re: [Distutils] Entry points: specifying and caching

On Thursday, October 19, 2017, Donald Stufft wrote: > > On Oct 19, 2017, at 5:26 PM, Tres Seaver > wrote: > > Having the packaging > system register those services at installation time (even if it

Re: [Distutils] Entry points: specifying and caching

def get_env_json_path(): directory = $VIRTUAL_ENV || ? return os.path.join(directory, ENV_JSON_FILENAME) def on_install(pkg_json): env_json_path = get_env_json_path() env_json = json.load(env_json_path) env_json['pkgs’][pkgname] = pkg_json with open(env_json_path, 'w') as f:

  1   2   3   >