Re: barriers to Warehouse contribution

On Wed, 17 Jan 2018 at 08:40 wrote: > Maybe what PyPa needs is a developer advocate type position: > > https://medium.com/@ashleymcnamara/what-is-developer-advocacy-3a92442b627c > > Does the PSF even have someone in this position? > Nope. The PSF only has staff for administration, PyCon, and IT

Trying to outline the steps taken to go from "I want this package" to it being installed

I have a project idea, but before I start it I need to make sure that I have the high-order steps necessary to go from `pip install pip=9.0.1` to it actually ending up on disk. Now I'm only considered with modern/bleeding-edge, spec-based stuff, so PEP 517/518 and no setup.py, etc. Anyway, if p

Re: Trying to outline the steps taken to go from "I want this package" to it being installed

Thanks for the extra details, Nick! I have some documentation to read on some projects now that I have a complete list, but once that's done I'll come back here with my idea. ;) On Fri, 2 Mar 2018 at 21:50 Nick Coghlan wrote: > On 3 March 2018 at 06:55, Brett Cannon wrote:

Figuring out library holes in the package installation process

With the big push we are all working towards standards, I thought it would be interesting to outline the steps it takes to go from requesting a package to be installed to it ending up on disk (see my first email on such an outline

Re: Figuring out library holes in the package installation process

Based on no one speaking up, I'm assuming I wasn't wrong with my outline. ;) That looks like there may be one PEP to write and a few things to add to 'packaging' (or other projects as appropriate). On Monday, 19 March 2018 19:39:43 UTC-7, Brett Cannon wrote: > > Wi

Re: PyPI JSON API redirect loop for all unpublished packages

On Fri, May 18, 2018, 06:08 Dustin Ingram, wrote: > I did reach out to the one contact we had there from when GCP/Fastly > were having issues that affected Travis/PyPI (Emma) on Monday, but got > no response. > If Travis doesn't work out then let Steve Dower and me know and we can see if we can

Re: Question about python packaging

On Thu, 19 Jul 2018 at 16:01 蕭毅 wrote: > It seems that originally I posted to wrong place. > https://groups.google.com/forum/#!topic/python-virtualenv/iExzUJhC_PY > > Hi all: > > I have a new Python package https://github.com/NAL-i5K/GFF3toolkit with > new release. > > In this new release, I have

Re: Trying to outline the steps taken to go from "I want this package" to it being installed

upport to 'packaging': https://github.com/pypa/packaging/pull/156 . -Brett > > Thanks! > > -- > Sumana Harihareswara > Changeset Consulting > https://changeset.nyc > > On 3/5/18 1:01 PM, Brett Cannon wrote: > > Thanks for the extra details, Nick! I have

Re: Trying to outline the steps taken to go from "I want this package" to it being installed

On Sat, 22 Dec 2018 at 12:22, Brett Cannon wrote: > > > On Fri, 21 Dec 2018 at 12:08, Sumana Harihareswara > wrote: > >> Brett, did you end up making progress on this? If not, would you be open >> to someone else picking it up? >> > > The complete outline

Re: Handling packages with known vulnerabilities

Since PyPI is an open package host/index there is no policy here. It is up to the package maintainers to remove vulnerable packages or for users to do their best to not use vulnerable packages (PyPA doesn't have the staffing to police this sort of thing). On Tue, Feb 12, 2019 at 1:50 PM Alex deVri

Re: Handling packages with known vulnerabilities

On Tue, Feb 12, 2019 at 5:17 PM Alex deVries wrote: > So what's the solution? Do nothing? > Maybe. There's a scale issue here along with simply getting people to agree is just plain hard. > > For Pycrypto, how about this as an approach: I confirm that the package > has been abandoned and apply

Re: Handling packages with known vulnerabilities

On Thu, Feb 14, 2019 at 7:28 AM Tzu-ping Chung wrote: > Incidentally, someone wondered about this exact same thing on distutils-sig > just a couple of days ago: > > > https://mail.python.org/archives/list/distutils-...@python.org/thread/WPQDP73N7IINXX36UAOG7YDYHD7MYU4X/ > > (Maybe this is not a s

Re: pypi stats page down

It's probably been retired. https://status.python.org/ is the page the 404 page links to and it covers all Python infrastructure services. On Thu, Jul 11, 2019 at 11:49 AM micah page wrote: > Why does has this page been down for 2+ months? > https://pypi.org/stats/ > > -- > You received this mes

Re: package verification

Sviatoslav On Fri, Jul 26, 2019 at 4:58 AM Ioakim Ioakim wrote: > I am not sure. I am just looking to find where in the source code a > package gets verified before being installed on a client's machine > Unfortunately something stripped out what you were replying to, Ioakim, but I assume it

Re: Pip not responding to pyenv

The easiest solution to this is to run pip via `python -m pip`. That way it is directly ties to the Python you use to execute it. On Wed, Mar 11, 2020 at 1:46 AM Shlok Sinha wrote: > Hello > The heading is pretty explanatory. I had started to use pyenv, but > unfortunately, pip did not take that