gmane.comp.python.catalog

Reminder: catalog-sig is retired

Richard Jones — 2013-04-01T06:41:10

Please direct all followups / CCs to distutils-sig.


Thankyou,

    Richard
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG< at >python.org
http://mail.python.org/mailman/listinfo/catalog-sig

Shutting down catalog-sig

Richard Jones — 2013-03-30T22:16:38

Hi all,

We're about to merge the catalog-sig and distutils-sig by just removing the
catalog-sig mailing list. If you wish to remain in the discussions
regarding Python package cataloging then please subscribe to the distutils
SIG.

The catalog SIG archives will remain, but the mailing list will be deleted
and the SIG will be retired.

There's no real timeframe but it will be happening imminently.


     Richard
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG< at >python.org
http://mail.python.org/mailman/listinfo/catalog-sig

How to determine if archive is an sdist or bdist

James Carpenter — 2013-03-28T19:57:09

Is there an easy way to programmatically tell if an archive (tar.gz, zip,
etc.) in the dist directory is a binary or sdist? I would like to
post-process the contents of a dist directory and classify each build
artifact there (egg, sdist, bdist, etc.).

Currently the only approach I know of is to have my own command that is run
along with the relevant build command.  For example:

python setup.py sdist be_funky

or:
python setup.py sdist bdist bdist_egg be_funky

Using this approach the tuples in  self.distribution.dist_files provide the
command, python version and file created. Unfortunately this solution is
slightly more complicated in my use case than simply having an easy way to
classify each build artifact and extract it's pkg-info.
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG< at >python.org
http://mail.python.org/mailman/listinfo/catalog-sig

Merge catalog-sig and distutils-sig

Donald Stufft — 2013-03-28T18:22:59

Is there much point in keeping catalog-sig and distutils-sig separate?

It seems to me that most of the same people are on both lists, and the topics almost always have consequences to both sides of the coin. So much so that it's often hard to pick *which* of the two (or both) lists you post too. Further confused by the fact that distutils is hopefully someday going to go away :)

Not sure if there's some official process for requesting it or not, but I think we should merge the two lists and just make packaging-sig to umbrella the entire packaging topics.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG< at >python.org
http://mail.python.org/mailman/listinfo/catalog-sig

PEP 438 progress update

Richard Jones — 2013-03-28T00:29:54

Hi all,

It was my intention to formally accept the PEP and deploy the
implementation to the production PyPI when I got back home this week,
but things have been quite hectic and I've not found the time to
perform the pre-deployment tasks needed (specifically steps 5, 6 and 7
of the first transition phase; determining the various email lists I
need to inform people of the changes.) At the moment I'm not sure when
I'll have time to do that; hopefully next week some time but it could
be as long as four weeks before I get sufficient tuits(round).


    Richard

c.pypi.python.org - IP address change

Andreas Jung — 2013-03-27T15:54:19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I moved my c.pypi.python.org mirror to a new faster machine.

Please update the DNS entry to 176.9.146.29.

This mirror is  running on top of Christian Theune's bandersnatch
implementation.

Andrreas

- -- 
ZOPYX Limited         | Python | Zope | Plone | MongoDB
Hundskapfklinge 33    | Consulting & Development
D-72074 Tübingen      | Electronic Publishing Solutions
www.zopyx.com         | Scalable Web Solutions
- --------------------------------------------------
Produce & Publish - www.produce-and-publish.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGUBAEBAgAGBQJRUxYrAAoJEADcfz7u4AZj+/kLwLo1gWKQfaVXMjJxN+6Ouens
0+ODnkdGhXFBAcwHM+VpBumFCodST8Cc3iEIT6EGK9HVZEMh7w9cBBO/jKrFX87K
7FYNdybEu81BLa1DxuZh3ux8xDC/bDj4lArYJLF3VcjSL2ZtQTaNyScb/u3n5VR2
pWFKppwF6VQ3P1n5RdmzAHIzF6XGixlR7kpKRJVS37ADfl8yR7ZB7frXzhux6qDn
f5c32QccT5RLKUk6R46GQU8+nHRVRVqum/hep5hX2wXVTeKfuEa8+MZOa/O

Suscribing to PYPI projects

Jesus Cea — 2013-03-26T20:07:43

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I wonder if would be too difficult to be able to subscribe to projects
in PYPI, to be notified if a new version is available.

An option to PIP & family to verify local versions with PYPI versions,
and report old version would be useful too.

- -- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea< at >jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: < at >jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea< at >jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUVIAD5lgi5GaxT1NAQJtfwQAhTeby09fEx/0smKy+FKKP+YacAHyfvY1
HvuxsipLanFaiCcRaxWzyzN9+2hUqD88BtUGzgNdqG

error trying to upload by package

Chris Withers — 2013-03-26T14:02:21

Hi All,

I have a package called files: https://github.com/Simplistix/files

...but I get a 403 when I try to register it on PyPI.

Why is that?

cheers,

Chris

PyPI Crediting

anatoly techtonik — 2013-03-22T08:32:00

Does anybody think that PyPI source code base should include the names of
the people who contributed to its development?

PyPI web interface UX (Was: API for uploading packages to PyPI)

anatoly techtonik — 2013-03-22T08:26:25

OMG. I didn't even looked at the boxes. IMHO somebody should reduce the
amount of duplication and choices between menu and boxes. It is
really-really overburdened. For example, no need to say "use search above"
when it is evident the you need to find the button, or to use that "browse
all packages" link when it is actually a first item on the menu.

RSS should be moved out of scope of main menu. It is just "yikes!".
The whole menu section with links to main Python web site should be moved
out of place (is there a quick way to measure how many users follow these
links)?

Yes, I can send a patch if everyone agrees.

API for uploading packages to PyPI

anatoly techtonik — 2013-03-22T07:37:18

Hi,

I understand that this will make PyPI a potential target for automated spam
bots, but still it will be awesome to have an API to upload packages to
PyPI.

For example, I have a code that extract all necessary meta data for the
package from the source file itself. It is even able to generate setup.py
from this data. https://bitbucket.org/techtonik/astdump The next logical
step in this chain is to teach it to upload stuff to PyPI.

Now I thought that this setup.py is an unnecessary complication. What I
need, ideally is just upload single .py file, or a JSON and a .tar.gz FWIW.
Is there a straightforward API for things like that?

Please, CC.

Access to Windows' cert store

Christian Heimes — 2013-03-21T12:06:07

Hi,

the message is slightly off-topic but it might be interesting for pip,
setuptools and other developers that are working on HTTPS for PyPI.

I while ago I found C++ example code that shows how to dump CA and CRL
certs from Windows's system cert store. The system cert store contains
the certificates used by Windows, IE etc.

Yesterday I reimplemented the C++ code with Python and ctypes. I have
tested it with Python 2.6 to 3.3 (x86 and x86_64) on Windows 7. It
should work with Windows XP / Windows Server 2003 and all newer versions
of Windows. The output is usabl by Python's SSL module but you have to
dump the certs to a file first.

I'm planing to add the feature to Python 3.4, too.
http://bugs.python.org/issue17134

You can download the code from

  https://bitbucket.org/tiran/wincertstore


Regards,
Christian

Updated PEP 438

Richard Jones — 2013-03-21T00:30:09

I've pushed the latest PEP to the repos. It has all the recent
clarifications and the API docs. Just need to wait for the website to
rebuild or something.

Unless there's any last-minute problems I'll accept the PEP in this
form and push the implementation to the production PyPI next week
after I fly home.


     Richard

Replacement client for pep381client

Christian Theune — 2013-03-20T23:59:21

Hi,

as you might be aware, I've done my share on bitching about my mirror 
(f.pypi.python.org) breaking.

I have picked pep381client apart yesterday and rebuilt it - mostly from 
ground up.

You can find a working version here:
https://bitbucket.org/ctheune/bandersnatch

The focus has been on making it a lot more robust and a lot easier to 
repair a mirror when it's known to be broken. To achieve that I:

- refactored the code, trying to make it more intentional, less mechanical
- stop parsing the simple pages' html and make more use of the XML-RPC API
- add Tarek's worker/queue approach for parallelizing it
- keep as little state as possible on the client
- switch form timestamps to serial counters for checking what and how 
much to update
- handle locking of concurrent runs more gracefully

I think I have a good grasp of what's going on now so that I can keep 
maintining this in the future.

I'm currently re-initializing my own mirror. This basically can be run 
in-place by just removing the existing stat

PEP 438 implementation on testpypi

Richard Jones — 2013-03-20T18:26:45

Thanks to Donald Stufft for his implementation of the PEP 438 changes,
I've made them live on testpypi.python.org - specifically the "urls"
page of package administration. Please poke and play.


     Richard

V4 Pre-PEP: transition to release-file hosting on PYPI

holger krekel — 2013-03-15T09:29:59

Hi all, in particular Philip, Marc-Andre, Donald,

Carl and me decided to simplify the PEP and avoid the somewhat
awkward ``simple/-with-externals`` index for various reasons, among them
Marc-Andre's criticisms.  This also means present-day installation tools
(shipped with Redhat/Debian/etc.) will continue to work as today for
those packages which remain in a hosting-mode that requires crawling and
scraping.  They will still benefit from the fact that most packages will
soon have a hosting-mode that avoids it.  Future releases of installation
tools will default to not perform crawling or using (scraped) external
links, and new PYPI projects will default to only serve uploaded files.

The V4 pre-PEP also renames the three PyPI hosting modes to be more
descriptive. Since all three modes allow external links, "pypi-ext" vs
"pypi-only" were misleading. The new naming distinguishes the mode that both
scrapes links from metadata and crawls external pages for more links
("pypi-scrape-crawl") from the mode that only

ResponseNotReady error while trying to do fresh sync

Qijiang Fan — 2013-03-14T04:17:35

Hello,
I'm maintaining e.pypi.python.org (with Aron Xu).
We met some issues on our network attached storage, so we decided to
do a fresh sync of pypi.
We met an issue while doing that,

we got an exception httplib.ResponseNotReady

similar to this mail
"http://mail.python.org/pipermail/catalog-sig/2013-February/005224.html"

Currently, we ignored all packages with that issues, and finish the sync.

But there would be some files missing.

The three packages which cause that exception are listed below:
https://pypi.python.org/simple/iterator/
https://pypi.python.org/simple/nester_test_ling/
https://pypi.python.org/simple/nesterswe/

Please notify us when it get fixed, so that we can update it and make
it completed.

Best Regards,
Qijiang Fan

V3 PEP-draft for transitioning to pypi-hosting ofrelease files

holger krekel — 2013-03-13T11:21:59

Hi all,

after some more discussions and hours spend by Carl Meyer (who is now
co-authoring the PEP) and me, here is a new V3 pre-submit draft.  
It is now more ambitious than the previous draft as should be obvious
from the modified abstract (and Carl Meyers and Philip's earlier
interactions on this list).  There also are more details of how
the current link-scraping works among other improvements and incorporations
of feedback from discussions here.

We intend to submit this draft tonight to the PEP editors.  

Feedback now and later remains welcome.  I am sure there are issues to 
be sorted and clarified, among them the versioning-API suggestion by 
Marc-Andre.

Thanks for everybody's support and feedback so far,
holger


PEP: XXX
Title: Transitioning to release-file hosting on PyPI
Version: $Revision$
Last-Modified: $Date$
Author: Holger Krekel <holger< at >merlinux.eu>, Carl Meyer <carl< at >oddbird.net>
Discussions-To: catalog-sig< at >python.org
Status: Draft (PRE-submit V3)
Type: Process
Content-Type: text/x-rst
Cr

A modest proposal for securing PyPI with TUF

Trishank Karthik Kuppusamy — 2013-03-13T06:41:55

Hello everyone,

I am pleased to announce our demonstration of PyPI and pip with TUF.

Firstly, we solicit your thoughts and comments on our design document 
for integrating PyPI with TUF:

https://docs.google.com/document/d/1sHMhgrGXNCvBZdmjVJzuoN5uMaUAUDWBmn3jo7vxjjw/edit?usp=sharing

Secondly, you may wish to test our demo of PyPI and pip with TUF:

https://github.com/dachshund/pip/wiki/pip-over-TUF

Thirdly, this is how little it takes to secure pip with TUF:

https://github.com/dachshund/pip/compare/develop...tuf

Finally, you may be interested to learn about how one might manually 
secure a PyPI package index with TUF:

https://github.com/dachshund/pip/wiki/PyPI-over-TUF

We are excited to be able to show this to you now, and in person at our 
lightning talk at PyCon this Friday.

We think that there is great potential for the PyPI and TUF community to 
work together to secure Python package management. This is just the 
beginning, and there is some work left to do, but we are confident that 
we have d

setuptools/distribute/easy_install/pkg_resourcesorting algorithm

M.-A. Lemburg — 2013-03-12T18:15:17

I've run into a weird issue with easy_install, that I'm trying to solve:

If I place two files named

egenix_mxodbc_connect_client-2.0.2-py2.6.egg
egenix-mxodbc-connect-client-2.0.2.win32-py2.6.prebuilt.zip

into the same directory and let easy_install running on Linux
scan this, it considers the second file for Windows as best
match.

Is the algorithm used for determining the best match documented
somewhere ?

I've had a look at the implementation, but this left me rather
clueless.

I thought that setuptools would prefer the .egg file over
the prebuilt .zip file - binary files being easier to install
than "source" files.

Thanks,

V2 pre-PEP: transitioning to release file hosting onPYPI

holger krekel — 2013-03-12T11:38:17

Hi all,

below is the new PEP pre-submit version (V2) which incorporates the
latest suggestions and aims at a rapidly deployable solution.  Thanks in
particular to Philip, Donald and Marc-Andre.  I also added a few notes
on how installers should behave with respect to non-PYPI crawling.  

I think a PEP like doc is warranted and that we should not silently
change things without proper communication to maintainers and pre-planning
the implementation/change process.  Arguably, the changes are more
invasive than "oh, let's just do a http->https redirect" which didn't
work too well either.

Now, if there is some agreement, i can submit this PEP officially tomorrow,
and given agreement/refinments from the Pycon folks and the likes of
Richard, we may be able to get going very shortly after Pycon.

cheers,
holger


PEP-draft: transitioning to release-file hosting on PYPI
====================================================================

Status
-----------

PRE-SUBMIT-v2

Abstract
------------

This PEP proposes