Tarek Ziadé wrote:
I started to write a new PEP (well a wiki page in fact...) that describes a new package called "pypi" that would be dedicated to package registering and uploading mechanisms. It would also provide enhancements like a proper password hash, or deepers metadata controls
Any opinions about this PEP ? I tried to include all the problems people are having with register and upload.
I think that catalog-sig would be interested in this.
That said, I didn't see any indication of what I consider to be a critical failure in PyPI: No dependency metadata prior to downloading the package.