[Catalog-sig] RFC: PEP243: Module Repository Upload Mechanism
Martin v. Loewis
Sun, 25 Mar 2001 12:25:26 +0200
I have a few minor comments to your draft.
> This form is posted using ENCTYPE="multipart/form-data" encoding [RFC1867].
This RFC is informative only; the RFC specifying the
multipart/form-data content type is RFC 2388.
> signature (optional) -- A OpenPGP-compatible signature [RFC2440]
> of the uploaded distribution as signed by the author. This may be
> used by the cataloging system to automate acceptance of uploads.
Is that required to be an ASCII armor (6.2), or can it be a raw
detached signature (10.3)? If the latter, your form should probably
not expect text input there (even if it is an armor, a multiline input
would be more appropriate).
Is it also acceptable to send a Signed Message (10.2) as the
distribution? If so, is it then still mandatory to send the md5sum?
Does the md5sum then apply to the signed or the unsigned distribution?
> The upload client must submit the page in the same form as
> Netscape Navigator version 4.76 for Linux produces when presented
> with the following form:
Wasn't there some complaint about that wording already? What kind of
requirement does that state, beyond what is already specified above
(host, port, method, mime-type, field list).
E.g. I believe Netscape will send all fields, even if left empty. Is
that a requirement, or is it allowed to leave out fields which are
described as optional? Also, that could be read into mandating a
specific order in which the fields must be sent? Is that a
My proposal is to not use the word "must" in that entire section, and
to make it clear otherwise that the section is informative.
> I currently have a proof-of-concept client and server implemented.
Is that available somewhere?