From rjones@ekit-inc.com Wed Nov 6 09:02:13 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Wed, 6 Nov 2002 20:02:13 +1100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
Message-ID: <200211062002.13815.rjones@ekit-inc.com>
I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
project to two new homes:
TEST Web interface: http://www.amk.ca/cgi-bin/pypi.cgi
Source code: http://sf.net/projects/pypi/
I've added a large amount of functionality, with only a few smaller tasks to
go. Notably there's now user login, manual submission/editing and searching.
Please, go kick the tyres. If you find a bug, please register it on
sourceforge.
The PEP has been submitted to the PEP editors, so my fingers are crossed there
:)
Richard
From thomas.heller@ion-tof.com Wed Nov 6 10:56:57 2002
From: thomas.heller@ion-tof.com (Thomas Heller)
Date: 06 Nov 2002 11:56:57 +0100
Subject: [Catalog-sig] Re: UPDATE: PyPI - Python Package Index
References: <200211062002.13815.rjones@ekit-inc.com>
Message-ID: <65vbotja.fsf@ion-tof.com>
Richard Jones <rjones@ekit-inc.com> writes:
> I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
> project to two new homes:
>
> TEST Web interface: http://www.amk.ca/cgi-bin/pypi.cgi
> Source code: http://sf.net/projects/pypi/
>
> I've added a large amount of functionality, with only a few smaller tasks to
> go. Notably there's now user login, manual submission/editing and searching.
> Please, go kick the tyres. If you find a bug, please register it on
> sourceforge.
That's what I did ;-).
>
> The PEP has been submitted to the PEP editors, so my fingers are crossed there
> :)
>
The real fun starts when the PEP is posted to a larger community.
Thomas
From rjones@ekit-inc.com Thu Nov 7 04:07:45 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Thu, 7 Nov 2002 15:07:45 +1100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
In-Reply-To: <200211062002.13815.rjones@ekit-inc.com>
References: <200211062002.13815.rjones@ekit-inc.com>
Message-ID: <200211071507.46139.rjones@ekit-inc.com>
On Wed, 6 Nov 2002 8:02 pm, Richard Jones wrote:
> I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
> project to two new homes:
>
> TEST Web interface: http://www.amk.ca/cgi-bin/pypi.cgi
Thanks to all the bug finders - most of the bugs were caused by
mis-configuration (my not changing the URLs in the web and register code to
point to amk's website). That's fixed now. As are the other bugs that popped
up as soon as people who aren't me used the interface :)
I've also implemented PKG-INFO uploading, and hidden packages aren't shown on
the index page.
Richard
From theller@python.net Thu Nov 7 18:18:39 2002
From: theller@python.net (Thomas Heller)
Date: 07 Nov 2002 19:18:39 +0100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
In-Reply-To: <200211062002.13815.rjones@ekit-inc.com>
References: <200211062002.13815.rjones@ekit-inc.com>
Message-ID: <lm45z1j4.fsf@python.net>
Richard, a small additional thing:
You always seem to do GET requests.
This means, for requesting a login, the initial password
is part of the URL, and chances are high, that this URL will show up
in someone's referrer logs. Not nice, IMO.
I probably don't know the rules completely, but this is what I do,
and it makes sense to me:
- When a request changes something on the server, do a POST.
- When an URL searches for something, do a GET, so that I can bookmark
it.
- Otherwise, decide from case to case.
Oh, and it seems I've locked myself out somehow:
The password isn't accepted any more, when trying to request a new
password the server says 'email address unknown to me',
when trying to create a new user account (username theller), it says
'user "theller" already exists'.
Thomas
From theller@python.net Thu Nov 7 18:40:04 2002
From: theller@python.net (Thomas Heller)
Date: 07 Nov 2002 19:40:04 +0100
Subject: [Catalog-sig] Re: New proposal, with PEP
References: <200210260931.26702.rjones@ekit-inc.com> <200210262205.44480.rjones@ekit-inc.com> <m31y6dnj1v.fsf@mira.informatik.hu-berlin.de> <200210270954.30130.rjones@ekit-inc.com>
Message-ID: <fzudz0jf.fsf@python.net>
Richard Jones <rjones@ekit-inc.com> writes:
> On Sun, 27 Oct 2002 5:37 am, Martin v. Loewis wrote:
> > But if
> > that is the way to go, how is this different from the Vaults, or
> > Freshmeat? If I were to look for Python packages, I'd look at
>
> Because:
>
> 1. there's no integration with distutils, and consequently no one-shot,
> trivial mechanism for submitting metadata,
> 2. neither of the above are hosted at python.org, and hence don't have any of
> the legitemacy that that hosting would bring, and
> 3. Freshmeat is a pain to use, and only supports open-source Linux projects
> (or at a minimum open-source projects that are available on Linux).
>
Not a very satisfactory answer, IMO.
Some time ago, the vaults have been the best place to find new python
software.
Search engines have improved, bandwidths have improved, so nowadays I
can certainly find interesting things with google *only*. Many things
can simply be find by entering http://packageIwant.sf.net/ ;-).
The only things I'm missing so far (but maybe I simply haven't found
them) is a way to automatically find the URL of the newest version of
a certain software package for a certain Python version, say Numeric,
win32all, wxPython or whatever.
So I believe the most important thing for a catalog is:
- to provide actual up-to-date download URLs to the actual packages,
indexed maybe by version and type(source, binary, platform)
- an api to request and process this information from within Python.
Thomas
From rjones@ekit-inc.com Thu Nov 7 21:10:37 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Fri, 8 Nov 2002 08:10:37 +1100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
In-Reply-To: <lm45z1j4.fsf@python.net>
References: <200211062002.13815.rjones@ekit-inc.com> <lm45z1j4.fsf@python.net>
Message-ID: <200211080810.38200.rjones@ekit-inc.com>
On Fri, 8 Nov 2002 5:18 am, Thomas Heller wrote:
> Richard, a small additional thing:
>
> You always seem to do GET requests.
>
> This means, for requesting a login, the initial password
> is part of the URL, and chances are high, that this URL will show up
> in someone's referrer logs. Not nice, IMO.
Oops, you're absolutely correct, the registration form should perform a POST.
This is why I have "people who aren't me" testing it out, to find the obvious
glaring problems :)
> Oh, and it seems I've locked myself out somehow:
> The password isn't accepted any more, when trying to request a new
> password the server says 'email address unknown to me',
> when trying to create a new user account (username theller), it says
> 'user "theller" already exists'.
I need to implement a second form of password resetting, using the model
sourceforge uses: given a username, send an email to the user's address with
a OTK which when passed back to the server will reset the password.
Richard
From rjones@ekit-inc.com Thu Nov 7 21:13:42 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Fri, 8 Nov 2002 08:13:42 +1100
Subject: [Catalog-sig] Re: New proposal, with PEP
In-Reply-To: <fzudz0jf.fsf@python.net>
References: <200210260931.26702.rjones@ekit-inc.com> <200210270954.30130.rjones@ekit-inc.com> <fzudz0jf.fsf@python.net>
Message-ID: <200211080813.42764.rjones@ekit-inc.com>
On Fri, 8 Nov 2002 5:40 am, Thomas Heller wrote:
> Richard Jones <rjones@ekit-inc.com> writes:
> > On Sun, 27 Oct 2002 5:37 am, Martin v. Loewis wrote:
> > > But if
> > > that is the way to go, how is this different from the Vaults, or
> > > Freshmeat? If I were to look for Python packages, I'd look at
> >
> > Because:
> >
> > 1. there's no integration with distutils, and consequently no one-shot,
> > trivial mechanism for submitting metadata,
> > 2. neither of the above are hosted at python.org, and hence don't have
> > any of the legitemacy that that hosting would bring, and
> > 3. Freshmeat is a pain to use, and only supports open-source Linux
> > projects (or at a minimum open-source projects that are available on
> > Linux).
>
> Not a very satisfactory answer, IMO.
>
> Some time ago, the vaults have been the best place to find new python
> software.
For existing users of python, maybe. Even I tend to not use the vaults as much
as I should. New users certainly have no idea what the "Vaults of Parnassus"
might be, or that they actually are the most complete index of python stuff.
I believe my first two points are still quite valid. I would love to work with
the Vaults people, but I've attempted to contact them to no avail.
> Search engines have improved, bandwidths have improved, so nowadays I
> can certainly find interesting things with google *only*. Many things
> can simply be find by entering http://packageIwant.sf.net/ ;-).
You know the name of every package you want? Impressive.
Every package you want is hosted on sourceforge? Unbelievable.
> The only things I'm missing so far (but maybe I simply haven't found
> them) is a way to automatically find the URL of the newest version of
> a certain software package for a certain Python version, say Numeric,
> win32all, wxPython or whatever.
>
> So I believe the most important thing for a catalog is:
>
> - to provide actual up-to-date download URLs to the actual packages,
> indexed maybe by version and type(source, binary, platform)
>
> - an api to request and process this information from within Python.
The index I've developed is easily extensible to include a download URL (or
set of URLs). You're already working on the download handling with pypan.
I am attempting to achieve modest goals, in an effort to get _something_ done.
Richard
From pete@shinners.org Sat Nov 9 00:22:21 2002
From: pete@shinners.org (Pete Shinners)
Date: Fri, 08 Nov 2002 16:22:21 -0800
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
References: <200211062002.13815.rjones@ekit-inc.com>
Message-ID: <3DCC553D.1030504@shinners.org>
Richard Jones wrote:
> I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
> project to two new homes:
the latest round of fixes seems to have cleaned things up. my latest
submission attempt ended with "Server response (success): success".
although it appears my package is not online right now? i cannot see it in
the list, and i cannot search for it (perhaps it is hidden?). it should be
a "pygame-1.5.4", but i'm not sure where it went?
From theller@python.net Fri Nov 8 16:54:41 2002
From: theller@python.net (Thomas Heller)
Date: 08 Nov 2002 17:54:41 +0100
Subject: [Catalog-sig] Request password reset problem
Message-ID: <4ras6lym.fsf@python.net>
error
Traceback (most recent call last):
File "/home/rjones/src/pypi/webui.py", line 87, in run
self.inner_run()
File "/home/rjones/src/pypi/webui.py", line 177, in inner_run
action = self.form[':action'].value
AttributeError: value
From rjones@ekit-inc.com Fri Nov 8 22:03:06 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Sat, 9 Nov 2002 09:03:06 +1100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
In-Reply-To: <3DCC553D.1030504@shinners.org>
References: <200211062002.13815.rjones@ekit-inc.com> <3DCC553D.1030504@shinners.org>
Message-ID: <200211090903.06214.rjones@ekit-inc.com>
On Sat, 9 Nov 2002 11:22 am, Pete Shinners wrote:
> Richard Jones wrote:
> > I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
> > project to two new homes:
>
> the latest round of fixes seems to have cleaned things up. my latest
> submission attempt ended with "Server response (success): success".
>
> although it appears my package is not online right now? i cannot see it in
> the list, and i cannot search for it (perhaps it is hidden?). it should be
> a "pygame-1.5.4", but i'm not sure where it went?
Hurm. It is there. Not sure why the hidden flag was unset. I'll look into it.
FYI you can access the entry as:
http://www.amk.ca/cgi-bin/pypi.cgi?:action=display&name=pygame&version=1.5.4
And edit it to set the hidden flag to "No".
Richard
From rjones@ekit-inc.com Fri Nov 8 23:06:23 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Sat, 9 Nov 2002 10:06:23 +1100
Subject: [Catalog-sig] Request password reset problem
In-Reply-To: <4ras6lym.fsf@python.net>
References: <4ras6lym.fsf@python.net>
Message-ID: <200211091006.23169.rjones@ekit-inc.com>
On Sat, 9 Nov 2002 3:54 am, Thomas Heller wrote:
> error
>
> Traceback (most recent call last):
> File "/home/rjones/src/pypi/webui.py", line 87, in run
> self.inner_run()
> File "/home/rjones/src/pypi/webui.py", line 177, in inner_run
> action = self.form[':action'].value
> AttributeError: value
I'm going to need more information than this. How did you request the password
reset? What steps did you take. If through the web, which web browser are you
using? Unfortunately, I am unable to reproduce the error through any of the
resetting interfaces.
Richard
From rjones@ekit-inc.com Fri Nov 8 23:09:21 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Sat, 9 Nov 2002 10:09:21 +1100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
In-Reply-To: <200211090903.06214.rjones@ekit-inc.com>
References: <200211062002.13815.rjones@ekit-inc.com> <3DCC553D.1030504@shinners.org> <200211090903.06214.rjones@ekit-inc.com>
Message-ID: <200211091009.21081.rjones@ekit-inc.com>
On Sat, 9 Nov 2002 9:03 am, Richard Jones wrote:
> On Sat, 9 Nov 2002 11:22 am, Pete Shinners wrote:
> > Richard Jones wrote:
> > > I've moved the Python Package Index (PyPI, which I pronounce as
> > > pih-pee) project to two new homes:
> >
> > the latest round of fixes seems to have cleaned things up. my latest
> > submission attempt ended with "Server response (success): success".
> >
> > although it appears my package is not online right now? i cannot see it
> > in the list, and i cannot search for it (perhaps it is hidden?). it
> > should be a "pygame-1.5.4", but i'm not sure where it went?
>
> Hurm. It is there. Not sure why the hidden flag was unset. I'll look into
> it.
This is fixed now.
Richard
From paul@prescod.net Fri Nov 8 23:51:04 2002
From: paul@prescod.net (Paul Prescod)
Date: Fri, 08 Nov 2002 15:51:04 -0800
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
References: <200211062002.13815.rjones@ekit-inc.com> <lm45z1j4.fsf@python.net>
Message-ID: <3DCC4DE8.2000706@prescod.net>
Thomas Heller wrote:
> Richard, a small additional thing:
>
> You always seem to do GET requests.
>
> This means, for requesting a login, the initial password
> is part of the URL, and chances are high, that this URL will show up
> in someone's referrer logs. Not nice, IMO.
>
> I probably don't know the rules completely, but this is what I do,
> and it makes sense to me:
>
> - When a request changes something on the server, do a POST.
>
> - When an URL searches for something, do a GET, so that I can bookmark
> it.
Those rules are quite right and according to the HTTP specification.
> - Otherwise, decide from case to case.
There are very few other cases.
Also, HTTP has a way of doing username and passwords so there should
seldom be a requirement to pass them as data instead of in the protocol
headers.
Paul Prescod
From rjones@ekit-inc.com Sat Nov 9 01:36:07 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Sat, 9 Nov 2002 12:36:07 +1100
Subject: [Catalog-sig] UPDATE: PyPI - Python Package Index
In-Reply-To: <3DCC4DE8.2000706@prescod.net>
References: <200211062002.13815.rjones@ekit-inc.com> <lm45z1j4.fsf@python.net> <3DCC4DE8.2000706@prescod.net>
Message-ID: <200211091236.07965.rjones@ekit-inc.com>
On Sat, 9 Nov 2002 10:51 am, Paul Prescod wrote:
> Also, HTTP has a way of doing username and passwords so there should
> seldom be a requirement to pass them as data instead of in the protocol
> headers.
*nod* they're only ever passed in a POST during rego.
Richard
From gstein@lyra.org Tue Nov 12 02:18:18 2002
From: gstein@lyra.org (Greg Stein)
Date: Mon, 11 Nov 2002 18:18:18 -0800
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <E18BNHC-0008Md-00@lairds.org>; from max@alcyone.com on Mon, Nov 11, 2002 at 05:43:26PM -0500
References: <E18BNHC-0008Md-00@lairds.org>
Message-ID: <20021111181818.C6554@lyra.org>
On Mon, Nov 11, 2002 at 05:43:26PM -0500, Erik Max Francis wrote:
>...
> Richard Jones proposes PEP 301, detailing some extensions to the
> Distutils packaging system:
> http://www.python.org/peps/pep-0301.html
Hey Richard,
In the PEP, you wrote:
"The index server will return custom headers (inspired by PEP 243) which
the register command will use to give feedback to the user:"
It is Not Good to return status in headers like that. The HTTP Status Line
should be used. I said the same thing about PEP 243, but the author of that
PEP blew me off and did not include my commentary in the PEP (which a PEP is
supposed to do: list all commentary and views so that you get the various
angles and don't have to revisit the same crap over and over).
See my post to the distutils-sig:
http://mail.python.org/pipermail/distutils-sig/2001-March/002262.html
The same commentary applies to PEP 301. If HTTP is to be used as the
transport, then it should be used properly...
(and yah, I'm still cranky at Sean for disregarding how the PEP process is
supposed to work... especially as PEP 243's design was taken as a given and
now incorporated into 301; if it *had* included an alternate viewpoint,
then that could have been reviewed for 301... sigh)
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
From theller@python.net Tue Nov 12 12:41:38 2002
From: theller@python.net (Thomas Heller)
Date: 12 Nov 2002 13:41:38 +0100
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <20021111181818.C6554@lyra.org>
References: <E18BNHC-0008Md-00@lairds.org> <20021111181818.C6554@lyra.org>
Message-ID: <1y5rvu2l.fsf@python.net>
Greg Stein <gstein@lyra.org> writes:
> On Mon, Nov 11, 2002 at 05:43:26PM -0500, Erik Max Francis wrote:
> >...
> > Richard Jones proposes PEP 301, detailing some extensions to the
> > Distutils packaging system:
> > http://www.python.org/peps/pep-0301.html
>
> Hey Richard,
>
> In the PEP, you wrote:
>
> "The index server will return custom headers (inspired by PEP 243) which
> the register command will use to give feedback to the user:"
>
> It is Not Good to return status in headers like that. The HTTP Status Line
> should be used. I said the same thing about PEP 243, but the author of that
> PEP blew me off and did not include my commentary in the PEP (which a PEP is
> supposed to do: list all commentary and views so that you get the various
> angles and don't have to revisit the same crap over and over).
>
> See my post to the distutils-sig:
>
> http://mail.python.org/pipermail/distutils-sig/2001-March/002262.html
>
> The same commentary applies to PEP 301. If HTTP is to be used as the
> transport, then it should be used properly...
>
> (and yah, I'm still cranky at Sean for disregarding how the PEP process is
> supposed to work... especially as PEP 243's design was taken as a given and
> now incorporated into 301; if it *had* included an alternate viewpoint,
> then that could have been reviewed for 301... sigh)
I have a re-implementation of PEP 243 without using non-standard HTTP headers,
you can find a description in one of the recent posts to catalog-sig.
Actually without using any HTTP headers at all in the client code...
How would you set standard HTTP headers in a CGI script?
Or does the server only add them if they are not found in the
CGI output?
Thomas
From theller@python.net Tue Nov 12 18:24:04 2002
From: theller@python.net (Thomas Heller)
Date: 12 Nov 2002 19:24:04 +0100
Subject: [Catalog-sig] Request password reset problem
In-Reply-To: <200211091006.23169.rjones@ekit-inc.com>
References: <4ras6lym.fsf@python.net> <200211091006.23169.rjones@ekit-inc.com>
Message-ID: <pttave7v.fsf@python.net>
Richard Jones <rjones@ekit-inc.com> writes:
> On Sat, 9 Nov 2002 3:54 am, Thomas Heller wrote:
> > error
> >
> > Traceback (most recent call last):
> > File "/home/rjones/src/pypi/webui.py", line 87, in run
> > self.inner_run()
> > File "/home/rjones/src/pypi/webui.py", line 177, in inner_run
> > action = self.form[':action'].value
> > AttributeError: value
>
> I'm going to need more information than this. How did you request the password
> reset? What steps did you take. If through the web, which web browser are you
> using? Unfortunately, I am unable to reproduce the error through any of the
> resetting interfaces.
Yes, it was very terse.
Occurs both with MSIE6 and Mozilla 1.1, running under Win2K SP3,
with this URL
http://www.amk.ca/cgi-bin/pypi.cgi?:action=forgotten_password_form
when I enter 'theller' (without the quotes) in the Username entry field.
Thomas
From Juergen Hermann" <jh@web.de Tue Nov 12 19:29:33 2002
From: Juergen Hermann" <jh@web.de (Juergen Hermann)
Date: Tue, 12 Nov 2002 20:29:33 +0100
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <1y5rvu2l.fsf@python.net>
Message-ID: <E18Bgiw-0004ou-00@smtp.web.de>
On 12 Nov 2002 13:41:38 +0100, Thomas Heller wrote:
>How would you set standard HTTP headers in a CGI script?
>Or does the server only add them if they are not found in the
>CGI output?
You send a header like "Status: 200 OK", preferably as the first one.
Works for Apache, don't know if that one is official (but then, what is =
official with CGI).
Ciao, J=FCrgen
From theller@python.net Wed Nov 13 07:16:34 2002
From: theller@python.net (Thomas Heller)
Date: 13 Nov 2002 08:16:34 +0100
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <20021112175013.I8744@lyra.org>
References: <E18BNHC-0008Md-00@lairds.org> <20021111181818.C6554@lyra.org>
<1y5rvu2l.fsf@python.net> <20021112175013.I8744@lyra.org>
Message-ID: <8yzyuegd.fsf@python.net>
Greg Stein <gstein@lyra.org> writes:
> On Tue, Nov 12, 2002 at 01:41:38PM +0100, Thomas Heller wrote:
> >...
> > I have a re-implementation of PEP 243 without using non-standard HTTP headers,
> > you can find a description in one of the recent posts to catalog-sig.
>
> Ah. Good. It would be nice if information about that got back into the PEP.
>
So someone has to propose a patch for the PEP, or takeover ownership, or...
> To be honest, I'm not going to jump right in and start using the code or
> anything like that. I'm just making a little contribution here based on my
> experience with and knowledge of HTTP.
>
> > Actually without using any HTTP headers at all in the client code...
> >
> > How would you set standard HTTP headers in a CGI script?
> > Or does the server only add them if they are not found in the
> > CGI output?
>
> The server will set any of standard headers which are appropriate (possibly
> overriding any the CGI sets), but some web servers will provide a way to
> avoid adding any header. In Apache, if the script starts with "nph-" or
Ah. I remember something about non-parsed-headers. Right?
> somesuch, then Apache will just stream the CGI output right into the socket.
> The CGI is then responsible for getting everything right.
>
Thanks,
Thomas
From gstein@lyra.org Wed Nov 13 01:50:13 2002
From: gstein@lyra.org (Greg Stein)
Date: Tue, 12 Nov 2002 17:50:13 -0800
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <1y5rvu2l.fsf@python.net>; from theller@python.net on Tue, Nov 12, 2002 at 01:41:38PM +0100
References: <E18BNHC-0008Md-00@lairds.org> <20021111181818.C6554@lyra.org> <1y5rvu2l.fsf@python.net>
Message-ID: <20021112175013.I8744@lyra.org>
On Tue, Nov 12, 2002 at 01:41:38PM +0100, Thomas Heller wrote:
>...
> I have a re-implementation of PEP 243 without using non-standard HTTP headers,
> you can find a description in one of the recent posts to catalog-sig.
Ah. Good. It would be nice if information about that got back into the PEP.
To be honest, I'm not going to jump right in and start using the code or
anything like that. I'm just making a little contribution here based on my
experience with and knowledge of HTTP.
> Actually without using any HTTP headers at all in the client code...
>
> How would you set standard HTTP headers in a CGI script?
> Or does the server only add them if they are not found in the
> CGI output?
The server will set any of standard headers which are appropriate (possibly
overriding any the CGI sets), but some web servers will provide a way to
avoid adding any header. In Apache, if the script starts with "nph-" or
somesuch, then Apache will just stream the CGI output right into the socket.
The CGI is then responsible for getting everything right.
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
From gstein@lyra.org Wed Nov 13 01:50:56 2002
From: gstein@lyra.org (Greg Stein)
Date: Tue, 12 Nov 2002 17:50:56 -0800
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <E18Bgiw-0004ou-00@smtp.web.de>; from jh@web.de on Tue, Nov 12, 2002 at 08:29:33PM +0100
References: <1y5rvu2l.fsf@python.net> <E18Bgiw-0004ou-00@smtp.web.de>
Message-ID: <20021112175056.J8744@lyra.org>
On Tue, Nov 12, 2002 at 08:29:33PM +0100, Juergen Hermann wrote:
> On 12 Nov 2002 13:41:38 +0100, Thomas Heller wrote:
> >How would you set standard HTTP headers in a CGI script?
> >Or does the server only add them if they are not found in the
> >CGI output?
>
> You send a header like "Status: 200 OK", preferably as the first one.
> Works for Apache, don't know if that one is official (but then, what is
> official with CGI).
CGI is reasonably official: http://cgi-spec.golux.com/
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
From rjones@ekit-inc.com Wed Nov 13 10:32:29 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Wed, 13 Nov 2002 21:32:29 +1100
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <20021111181818.C6554@lyra.org>
References: <E18BNHC-0008Md-00@lairds.org> <20021111181818.C6554@lyra.org>
Message-ID: <200211132132.29982.rjones@ekit-inc.com>
On Tue, 12 Nov 2002 1:18 pm, Greg Stein wrote:
> On Mon, Nov 11, 2002 at 05:43:26PM -0500, Erik Max Francis wrote:
> >...
> > Richard Jones proposes PEP 301, detailing some extensions to the
> > Distutils packaging system:
> > http://www.python.org/peps/pep-0301.html
>
> Hey Richard,
Hiya, I'm actually on leave at the moment, but I'll try to address these
comments ASAP.
> In the PEP, you wrote:
>
> "The index server will return custom headers (inspired by PEP 243)
> which the register command will use to give feedback to the user:"
>
> It is Not Good to return status in headers like that. The HTTP Status Line
> should be used. I said the same thing about PEP 243, but the author of that
> PEP blew me off and did not include my commentary in the PEP (which a PEP
> is supposed to do: list all commentary and views so that you get the
> various angles and don't have to revisit the same crap over and over).
>
> See my post to the distutils-sig:
>
> http://mail.python.org/pipermail/distutils-sig/2001-March/002262.html
I'll definitely take your comments on board. I'll read up on the full range of
HTTP response codes and see how they apply to this situation.
Richard
From jafo@tummy.com Thu Nov 14 04:00:44 2002
From: jafo@tummy.com (Sean Reifschneider)
Date: Wed, 13 Nov 2002 21:00:44 -0700
Subject: [Catalog-sig] Re: Dr. Dobb's Python-URL! - weekly Python news and links (Nov 11)
In-Reply-To: <20021111181818.C6554@lyra.org>
References: <E18BNHC-0008Md-00@lairds.org> <20021111181818.C6554@lyra.org>
Message-ID: <20021114040044.GB26638@tummy.com>
On Mon, Nov 11, 2002 at 06:18:18PM -0800, Greg Stein wrote:
>(and yah, I'm still cranky at Sean for disregarding how the PEP process is
Sorry you're cranky...
It boiled down to my running out of time to work on that process. Any
particular reason you didn't submit a patch to the PEP that I could
apply and ship on up-stream that encapsulated your comments?
Perhaps a change to the PEP process would help this in the future.
One option could be an additional status in the PEP so that down-stream
consumers or producers of new PEPs would have an idea of wether the PEP
they were basing something on was "accepted" or "stable" or "firm".
Another possibility is for producers of new PEPs to contact authors of
PEPs that they're planning on basing it on to ensure that there are no
outstanding issues that should be addressed?
Sean
--
I've been going to this high-school for seven and a half years. I'm no
dummy... -- Better Off Dead
Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
tummy.com, ltd. - Linux Consulting since 1995. Qmail, Python, SysAdmin
From rjones@ekit-inc.com Thu Nov 21 02:14:15 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Thu, 21 Nov 2002 13:14:15 +1100
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
Message-ID: <200211211314.15032.rjones@ekit-inc.com>
[if you reply to this message, please only reply to one of the mailing lists!]
Hi everyone,
PEP 301 has been updated:
- changes to the success/failure indicators used by the register.py
command. Originally I had copied the idea of using X-PyPI-* headers
from PEP 243. Upon advice from Greg Stein, I have switched to using
HTTP response codes.
- clarifications to Roles
- added PKG-INFO upload interface
- included overview of online index database schema
- updated deliverables in the Reference Implementation section
- included implememtation detail for "classifiers" keyword
- have implemented the trove classifiers, so various parts of the
PEP to reflect reality
Also, the web interface and register distutils command have had some
development work too:
- added Trove metadata to the database, including registration of it,
verification and dumping
- added "latest stable" release field (unused at the moment)
- handle multiline descriptions in PKG-INFO uploads (yay for the email
package)
- switched from X-Pypi-* headers to HTTP response codes as per PEP
- lots of HTML interface cleaning including better stylesheet usage and
a nicer navigation bar, better support for logging in and out and
finally a single place to go for submitting information
There's still a bit to do, but I'd rather wait until I know whether the PEP is
to be accepted or not before I start applying spit-n-polish :)
Links:
PEP: http://www.python.org/peps/pep-0301.html
Web: http://www.amk.ca/cgi-bin/pypi.cgi
Richard
From cliechti@gmx.net Thu Nov 21 03:42:18 2002
From: cliechti@gmx.net (Chris Liechti)
Date: Thu, 21 Nov 2002 04:42:18 +0100
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
In-Reply-To: <200211211314.15032.rjones@ekit-inc.com>
Message-ID: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock>
hi Richard
i think this is a bug: "index" is greyed out in the view for the search results so one can't get back to the full list (except trough the
browsers back button)
why is only the version clickable and not the name of a package? i would find it more natural to click on the package name.
getting the startup page seems to be a bit slow. it takes around 1s and i guess it will get realy worse if you add many more packets
to the index and have many users accessing the cgi. i guess displaying the whole list will get impractical anyway, when there are
hunderts of entries...
why is the "IP Address" in the journal? that doesn't do good. you're delivering numbers for attacks and for a user verification are they
useless (dialup, DHCP, etc) just leave it away.
and maybe there should be an option to hide the email address. i could think that some people don't want their address on the web
(to be collected by search engines and spammers). e.g. _you_ don't have your email in the "author" line at the bottom of the page ;-)
PyXML shows up twice in the index.
anyway. it looks nice.
chris
From rjones@ekit-inc.com Thu Nov 21 04:05:37 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Thu, 21 Nov 2002 15:05:37 +1100
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
In-Reply-To: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock>
References: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock>
Message-ID: <200211211505.37387.rjones@ekit-inc.com>
On Thu, 21 Nov 2002 2:42 pm, Chris Liechti wrote:
> i think this is a bug: "index" is greyed out in the view for the search
> results so one can't get back to the full list (except trough the browsers
> back button)
Yep, fixing that.
> why is only the version clickable and not the name of a package? i would
> find it more natural to click on the package name.
After using it a bit, I agree.
> getting the startup page seems to be a bit slow. it takes around 1s and i
> guess it will get realy worse if you add many more packets to the index and
> have many users accessing the cgi.
The query time to list a thousand entries is only fractionally longer than the
current list. Most of the current delay is the normal cgi-bin fork/exec/load
time.
> i guess displaying the whole list will
> get impractical anyway, when there are hunderts of entries...
That's correct - I expect the front page to eventually have the Trove
categories for package discovery and maybe a list of the top ten most recent
updates, and maybe in the distant future the most popular packages, and so
on...
> why is the "IP Address" in the journal? that doesn't do good. you're
> delivering numbers for attacks and for a user verification are they useless
> (dialup, DHCP, etc) just leave it away.
I'll hide it, but it can be useful sometimes to determine the origin of
information.
> and maybe there should be an option to hide the email address. i could
> think that some people don't want their address on the web (to be collected
> by search engines and spammers)
Any suggestions? I could make it a per-package option. I could alternatively
mangle the address to make it less obvious to scrapers.
> PyXML shows up twice in the index.
That's because two versions were submitted. I'll eventually look into using
the "latest stable" field to figure the version to display, and maybe the
> anyway. it looks nice.
Thanks.
Richard
From rjones@ekit-inc.com Thu Nov 21 04:12:13 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Thu, 21 Nov 2002 15:12:13 +1100
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
In-Reply-To: <200211211505.37387.rjones@ekit-inc.com>
References: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock> <200211211505.37387.rjones@ekit-inc.com>
Message-ID: <200211211512.13904.rjones@ekit-inc.com>
[sorry, hit send before finishing email - bad richard]
On Thu, 21 Nov 2002 3:05 pm, Richard Jones wrote:
> On Thu, 21 Nov 2002 2:42 pm, Chris Liechti wrote:
> > PyXML shows up twice in the index.
>
> That's because two versions were submitted. I'll eventually look into using
> the "latest stable" field to figure the version to display, and maybe the
.. distutils LooseVersion class functionality if that's not nominated.
Richard
From rjones@ekit-inc.com Thu Nov 21 04:15:34 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Thu, 21 Nov 2002 15:15:34 +1100
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
In-Reply-To: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock>
References: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock>
Message-ID: <200211211515.34702.rjones@ekit-inc.com>
On Thu, 21 Nov 2002 2:42 pm, Chris Liechti wrote:
> PyXML shows up twice in the index.
I should also point out that you can hide versions from the main index using
the "hidden" flag on the edit page.
Richard
From oliver@rutherfurd.net Thu Nov 21 04:28:43 2002
From: oliver@rutherfurd.net (Oliver Rutherfurd)
Date: Wed, 20 Nov 2002 23:28:43 -0500
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
References: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock> <200211211505.37387.rjones@ekit-inc.com>
Message-ID: <003a01c29116$7a91d1c0$8b64010a@appdevlaptop001>
----- Original Message -----
From: "Richard Jones" <rjones@ekit-inc.com>
To: "Chris Liechti" <cliechti@gmx.net>; <catalog-sig@python.org>
Sent: Wednesday, November 20, 2002 11:05 PM
Subject: Re: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata
for Distutils
[snipped]
[Chris Liechti wrote]
> > and maybe there should be an option to hide the email address. i could
> > think that some people don't want their address on the web (to be
collected
> > by search engines and spammers)
[Richard Jones replied]
> Any suggestions? I could make it a per-package option. I could
alternatively
> mangle the address to make it less obvious to scrapers.
In HTML output generated by Docutils, the '@' in mailto: links is replaced
with '@'.
Maybe that and displaying 'user at blah' would make it a little less
obvious.
-Ollie
From rjones@ekit-inc.com Thu Nov 21 04:50:09 2002
From: rjones@ekit-inc.com (Richard Jones)
Date: Thu, 21 Nov 2002 15:50:09 +1100
Subject: [Catalog-sig] [updates] PEP 301 -- Package Index and Metadata for Distutils
In-Reply-To: <003a01c29116$7a91d1c0$8b64010a@appdevlaptop001>
References: <0796ZVZWXTB8QLON1ZRQCAUTOIIH64M.3ddc561a@rock> <200211211505.37387.rjones@ekit-inc.com> <003a01c29116$7a91d1c0$8b64010a@appdevlaptop001>
Message-ID: <200211211550.09410.rjones@ekit-inc.com>
On Thu, 21 Nov 2002 3:28 pm, Oliver Rutherfurd wrote:
> In HTML output generated by Docutils, the '@' in mailto: links is replaced
> with '@'.
I wasn't going to put a mailto: link in - that seemed like too much of a
gimme.
> Maybe that and displaying 'user at blah' would make it a little less
> obvious.
In Roundup, I actually do the "user at blah" but if it's user@blah.com, " drop
the last part so it becomes "user at blah ...". The between Roundup and here
is that we don't actually need to see the full address in Roundup. Here, it's
actually useful to display the contact email.
I'll initially use "@"->" at " and "." -> " ".
Richard