Multiple package authors
I think I implicitly knew this, but as I've just released a package (to be announced soon) that actually has multiple authors, I found out first hand that PyPI rejects uploads where the author-email field isn't a completely valid email address, and that there is no support for multiple author emails.

As it turns out, you can kludge this into your pyproject.toml or setup.py file. flit for example separates multiple emails with a newline, but you could also separate them with commas. You don't notice the problem until PyPI rejects the upload (with a 400 IIRC).

I filed this issue with flit: https://github.com/takluyver/flit/issues/153

It looks like Thomas agrees that at least flit will eventually validate its fields so you error early. It was a bit of a PITA to do my upload because I didn't notice the problem until after I'd tagged the repo.

Multiple package authors doesn't seem like that fringe of a use case; are there any plans, documents, PEPs, musings, grumbles about supporting multiple package authors explicitly?

Cheers,
-Barry
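A pre-tag check for the failure described in the message above, as an added example that is not part of the original post and is not flit's or PyPI's code. It assumes, following the post's report, that the index accepts exactly one plain address per field; the function names, the address pattern and the sample metadata are constructed for illustration.

```python
import re

# Simplified single-address pattern (assumption): local@domain.tld with no
# whitespace, separators or display name. It approximates "a completely
# valid email address"; it is not PyPI's actual validator.
_ADDR = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")


def check_email_field(name, value):
    """Return a list of problems found in one author-email style field."""
    problems = []
    # A line break in the value is how the newline-separated kludge shows up.
    if "\n" in value or "\r" in value:
        problems.append(f"{name}: contains a line break")
    # Split on the separators people use to squeeze several addresses in.
    parts = [p.strip() for p in re.split(r"[,;\r\n]+", value) if p.strip()]
    if not parts:
        problems.append(f"{name}: empty")
    if len(parts) > 1:
        problems.append(f"{name}: {len(parts)} addresses, expected exactly one")
    for part in parts:
        if not _ADDR.fullmatch(part):
            problems.append(f"{name}: {part!r} is not a plain address")
    return problems


def check_metadata(meta):
    """Check both contact fields of a metadata mapping; [] means it passes."""
    problems = []
    for name in ("author-email", "maintainer-email"):
        if name in meta:
            problems.extend(check_email_field(name, meta[name]))
    return problems


# Constructed sample metadata (not taken from any real package).
GOOD = {"author-email": "dev-team@example.org",
        "maintainer-email": "maint@example.org"}
NEWLINE = {"author-email": "alice@example.org\nbob@example.org"}
COMMA = {"author-email": "alice@example.org, bob@example.org"}

if __name__ == "__main__":
    for label, meta in (("good", GOOD), ("newline", NEWLINE), ("comma", COMMA)):
        found = check_metadata(meta)
        print(label, "OK" if not found else found)
```

Running a check like this before tagging surfaces the error locally instead of at upload time; a shared list address in the field passes because it is a single address.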
There are author-email and maintainer-email fields.

You could also or instead use a mailing list address for the author-email or maintainer-email fields. Newlines work (just like file\nnames)?

With a mailing list, package maintainers can share responsibility (*) and hand off correspondence without forwards and indentation.

Google Groups is free; are there alternatives: https://support.google.com/groups/answer/2464926

You can use a third party service to create e.g. GitHub or GitLab issues via email; however, security sensitive information (vulnerabilities, credentials, personal information) may require additional caution and admonitions.

If not otherwise specified in the long description, presumably the author-email and/or maintainer-email address(es) are the correct place to send fair disclosure information. This could be a separate thread/issue and an additional package metadata field maybe for Package Metadata 1.3?

Sorry, a BIT OT. security-email?

On Thursday, December 7, 2017, Barry Warsaw <barry@python.org> wrote:
I think I implicitly knew this, but as I've just released a package (to be announced soon) that actually has multiple authors, I found out first hand that PyPI rejects uploads where the author-email field isn't a completely valid email address, and that there is no support for multiple author emails.
As it turns out, you can kludge this into your pyproject.toml or setup.py file. flit for example separates multiple emails with a newline, but you could also separate them with commas. You don't notice the problem until PyPI rejects the upload (with a 400 IIRC).
I filed this issue with flit: https://github.com/takluyver/flit/issues/153
It looks like Thomas agrees that at least flit will eventually validate its fields so you error early. It was a bit of a PITA to do my upload because I didn't notice the problem until after I'd tagged the repo.
Multiple package authors doesn't seem like that fringe of a use case; are there any plans, documents, PEPs, musings, grumbles about supporting multiple package authors explicitly?
Cheers, -Barry
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
Wes Turner wrote:
There are author-email and maintainer-email fields.
You could also or instead use a mailing list address for the author-email or maintainer-email fields. Newlines work (just like file\nnames)?
With a mailing list, package maintainers can share responsibility (*) and hand off correspondence without forwards and indentation.
Oh, I know there are workarounds, but that's not the point. I think it would generally make sense to support multiple authors directly, since collaboration is a common pattern. Cheers -Barry
participants (2): Barry Warsaw, Wes Turner