On 3 January 2015 at 02:26, Donald Stufft <donald@stufft.io> wrote:

On Jan 2, 2015, at 11:14 AM, Vladimir Diaz <vladimir.v.diaz@gmail.com> wrote:

Thanks for the great feedback - Nick, Donald, Paul, and Richard (off-list).

I am totally fine with focusing on PEP 458 and applying the final coat of paint on this document.

There's a lot of background documentation and technical details excluded from the PEPs (to avoid turning the PEP into a 15+ page behemoth), but I do agree that we should explicitly cover some of these implementation details in PEP 458.  Subsections on the exact format of metadata, explanation on how metadata is signed, and how the roles are "delegated" with the library, still remain.  As Paul has indicated, terminology can also be improved so as to be more readable for "non-experts."

Let me know how we should collaborate on PEP 458 going forward.  Guido van Rossum made minor corrections to PEP 458, and requested we reflect his changes back to the version on GitHub.  We can either move hg.python.org/pep/pep-0458.txt to github.com/pypa or github.com/theupdateframework/pep-on-pypi-with-tuf.

As far as I’m concerned I’m willing to collab however is best for y’all. It appears you’re doing it on GitHub in the https://github.com/theupdateframework/pep-on-pypi-with-tuf repository so I’m happy to make PRs there. I’m also happy to make PRs elsewhere as well though I prefer somewhere on GitHub. I’ll sit down with PEP 458 maybe this weekend and see if I can crank out some PRs to refine it.

It probably makes sense to pull the TUF PEPs into the new pypa/interoperability-peps repo with the rest of them, and add Vladimir et al as developers on that repo (or just to the general PyPA developers group).

Cheers,
Nick.

--
Nick Coghlan   |   ncoghlan@gmail.com   |   Brisbane, Australia