From techtonik at gmail.com Wed Jun 1 17:14:37 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Wed, 1 Jun 2011 18:14:37 +0300
Subject: [Catalog-sig] [issue12226] use secured channel for uploading
packages to pypi
In-Reply-To: <1306926375.33.0.744842539574.issue12226@psf.upfronthosting.co.za>
References: <1306860665.45.0.32361907398.issue12226@psf.upfronthosting.co.za>
<1306926375.33.0.744842539574.issue12226@psf.upfronthosting.co.za>
Message-ID: <BANLkTi=sQ9qDPibkXJiqxEmkaTNKMKaq8w@mail.gmail.com>
On Wed, Jun 1, 2011 at 2:06 PM, Barry A. Warsaw <report at bugs.python.org> wrote:
>
> Barry A. Warsaw <barry at python.org> added the comment:
>
> Given that 2.6.7 is rc2 with a final release scheduled in 2 days, I don't want to apply this to 2.6 right now. ?Can you guarantee this won't regress for anybody? ?If so, then I'm also +0 for 2.6 after the 2.6.7 release.
Adding catalog-sig to CC. I can guarantee this for Windows. I'll be
near Linux box tomorrow and will try upload to PyPI from there. It
still will be more authoritative if more than one person can test
upload to PyPI with this patch on different systems.
--
anatoly t.
From fdrake at acm.org Wed Jun 1 17:17:25 2011
From: fdrake at acm.org (Fred Drake)
Date: Wed, 1 Jun 2011 11:17:25 -0400
Subject: [Catalog-sig] [issue12226] use secured channel for uploading
packages to pypi
In-Reply-To: <BANLkTi=sQ9qDPibkXJiqxEmkaTNKMKaq8w@mail.gmail.com>
References: <1306860665.45.0.32361907398.issue12226@psf.upfronthosting.co.za>
<1306926375.33.0.744842539574.issue12226@psf.upfronthosting.co.za>
<BANLkTi=sQ9qDPibkXJiqxEmkaTNKMKaq8w@mail.gmail.com>
Message-ID: <BANLkTimZ7OErL+7XJO+Gu0UHLBa=z1bY3Q@mail.gmail.com>
On Wed, Jun 1, 2011 at 11:14 AM, anatoly techtonik <techtonik at gmail.com> wrote:
> Adding catalog-sig to CC. I can guarantee this for Windows. I'll be
> near Linux box tomorrow and will try upload to PyPI from there. It
> still will be more authoritative if more than one person can test
> upload to PyPI with this patch on different systems.
The interesting case will be for a build that doesn't include SSL support.
-Fred
--
Fred L. Drake, Jr.? ? <fdrake at acm.org>
"Give me the luxuries of life and I will willingly do without the necessities."
?? --Frank Lloyd Wright
From ziade.tarek at gmail.com Wed Jun 1 17:22:49 2011
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Wed, 1 Jun 2011 17:22:49 +0200
Subject: [Catalog-sig] [issue12226] use secured channel for uploading
packages to pypi
In-Reply-To: <BANLkTimZ7OErL+7XJO+Gu0UHLBa=z1bY3Q@mail.gmail.com>
References: <1306860665.45.0.32361907398.issue12226@psf.upfronthosting.co.za>
<1306926375.33.0.744842539574.issue12226@psf.upfronthosting.co.za>
<BANLkTi=sQ9qDPibkXJiqxEmkaTNKMKaq8w@mail.gmail.com>
<BANLkTimZ7OErL+7XJO+Gu0UHLBa=z1bY3Q@mail.gmail.com>
Message-ID: <BANLkTi=Ha-nHor3FGoiz5wRV+UsF1WKwyA@mail.gmail.com>
On Wed, Jun 1, 2011 at 5:17 PM, Fred Drake <fdrake at acm.org> wrote:
> On Wed, Jun 1, 2011 at 11:14 AM, anatoly techtonik <techtonik at gmail.com> wrote:
>> Adding catalog-sig to CC. I can guarantee this for Windows. I'll be
>> near Linux box tomorrow and will try upload to PyPI from there. It
>> still will be more authoritative if more than one person can test
>> upload to PyPI with this patch on different systems.
>
> The interesting case will be for a build that doesn't include SSL support.
Yeah.. We do have in packaging a way to test against a PyPI server
that gets launched on a real socket, so what we could do is:
1/ add a test that tries to upload and register via ssh
2/ make sure it fallbacks to http if _ssl is not found
>
>
> ?-Fred
>
> --
> Fred L. Drake, Jr.? ? <fdrake at acm.org>
> "Give me the luxuries of life and I will willingly do without the necessities."
> ?? --Frank Lloyd Wright
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
--
Tarek Ziad? | http://ziade.org
From chris at simplistix.co.uk Fri Jun 3 09:08:24 2011
From: chris at simplistix.co.uk (Chris Withers)
Date: Fri, 03 Jun 2011 08:08:24 +0100
Subject: [Catalog-sig] Is this spam?
Message-ID: <4DE88868.8020402@simplistix.co.uk>
This package:
http://pypi.python.org/pypi/PDFTron%20PDFNet%20SDK%20for%20Python/5.7
...feels a lot like spam.
The mention of Python if you follow through to their page is pretty
minimal. Not sure it belongs on PyPI.
What do others think?
cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
From martin at v.loewis.de Fri Jun 3 10:02:19 2011
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 03 Jun 2011 10:02:19 +0200
Subject: [Catalog-sig] Is this spam?
In-Reply-To: <4DE88868.8020402@simplistix.co.uk>
References: <4DE88868.8020402@simplistix.co.uk>
Message-ID: <4DE8950B.3060701@v.loewis.de>
Am 03.06.2011 09:08, schrieb Chris Withers:
> This package:
>
> http://pypi.python.org/pypi/PDFTron%20PDFNet%20SDK%20for%20Python/5.7
>
> ...feels a lot like spam.
>
> The mention of Python if you follow through to their page is pretty
> minimal. Not sure it belongs on PyPI.
>
> What do others think?
They do have a full Python API, with examples and all (see
PDFNetC64.tar.gz). So it seems fine to me.
Martin
From mal at egenix.com Fri Jun 3 10:17:26 2011
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 03 Jun 2011 10:17:26 +0200
Subject: [Catalog-sig] Is this spam?
In-Reply-To: <4DE88868.8020402@simplistix.co.uk>
References: <4DE88868.8020402@simplistix.co.uk>
Message-ID: <4DE89896.2090508@egenix.com>
Chris Withers wrote:
> This package:
>
> http://pypi.python.org/pypi/PDFTron%20PDFNet%20SDK%20for%20Python/5.7
>
> ...feels a lot like spam.
>
> The mention of Python if you follow through to their page is pretty
> minimal. Not sure it belongs on PyPI.
>
> What do others think?
Have you tried downloading their SDK ?
http://www.pdftron.com/pdfnet/downloads.html
It comes with a Python wrapper for their library, so it's legitimate.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jun 03 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2011-05-23: Released eGenix mx Base 3.2.0 http://python.egenix.com/
2011-05-25: Released mxODBC 3.1.1 http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy 17 days to go
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
From tjreedy at udel.edu Fri Jun 3 22:22:39 2011
From: tjreedy at udel.edu (Terry Reedy)
Date: Fri, 03 Jun 2011 16:22:39 -0400
Subject: [Catalog-sig] Is this spam?
In-Reply-To: <4DE89896.2090508@egenix.com>
References: <4DE88868.8020402@simplistix.co.uk> <4DE89896.2090508@egenix.com>
Message-ID: <isbfqg$5g4$1@dough.gmane.org>
On 6/3/2011 4:17 AM, M.-A. Lemburg wrote:
> Chris Withers wrote:
>> This package:
>>
>> http://pypi.python.org/pypi/PDFTron%20PDFNet%20SDK%20for%20Python/5.7
>>
>> ...feels a lot like spam.
>>
>> The mention of Python if you follow through to their page is pretty
>> minimal. Not sure it belongs on PyPI.
>>
>> What do others think?
>
> Have you tried downloading their SDK ?
>
> http://www.pdftron.com/pdfnet/downloads.html
>
> It comes with a Python wrapper for their library, so it's legitimate.
I am a bit confused about what is considered eligible for listing on PyPI.
http://pypi.python.org/pypi says only
The Python Package Index is a repository of software for the Python
programming language.
http://wiki.python.org/moin/CheeseShopTutorial says
If you have some free software or open source modules that you've
polished up and would like to contribute,
but perhaps that was not meant to exclude other software or perhaps it
is obsolete.
--
Terry Jan Reedy
From mal at egenix.com Fri Jun 3 23:11:29 2011
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 03 Jun 2011 23:11:29 +0200
Subject: [Catalog-sig] Is this spam?
In-Reply-To: <isbfqg$5g4$1@dough.gmane.org>
References: <4DE88868.8020402@simplistix.co.uk> <4DE89896.2090508@egenix.com>
<isbfqg$5g4$1@dough.gmane.org>
Message-ID: <4DE94E01.7050700@egenix.com>
Terry Reedy wrote:
> On 6/3/2011 4:17 AM, M.-A. Lemburg wrote:
>> Chris Withers wrote:
>>> This package:
>>>
>>> http://pypi.python.org/pypi/PDFTron%20PDFNet%20SDK%20for%20Python/5.7
>>>
>>> ...feels a lot like spam.
>>>
>>> The mention of Python if you follow through to their page is pretty
>>> minimal. Not sure it belongs on PyPI.
>>>
>>> What do others think?
>>
>> Have you tried downloading their SDK ?
>>
>> http://www.pdftron.com/pdfnet/downloads.html
>>
>> It comes with a Python wrapper for their library, so it's legitimate.
>
> I am a bit confused about what is considered eligible for listing on PyPI.
>
> http://pypi.python.org/pypi says only
> The Python Package Index is a repository of software for the Python
> programming language.
This is the official reading.
> http://wiki.python.org/moin/CheeseShopTutorial says
> If you have some free software or open source modules that you've
> polished up and would like to contribute,
>
> but perhaps that was not meant to exclude other software or perhaps it
> is obsolete.
I think it's just the personal opinion of someone who edited the
wiki. It's fixed now.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jun 03 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2011-05-23: Released eGenix mx Base 3.2.0 http://python.egenix.com/
2011-05-25: Released mxODBC 3.1.1 http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy 17 days to go
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
From martin at v.loewis.de Fri Jun 3 23:22:18 2011
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 03 Jun 2011 23:22:18 +0200
Subject: [Catalog-sig] Is this spam?
In-Reply-To: <isbfqg$5g4$1@dough.gmane.org>
References: <4DE88868.8020402@simplistix.co.uk> <4DE89896.2090508@egenix.com>
<isbfqg$5g4$1@dough.gmane.org>
Message-ID: <4DE9508A.9080004@v.loewis.de>
> I am a bit confused about what is considered eligible for listing on PyPI.
The Python Package Index is meant to be an Index of Python Packages.
Regards,
Martin
From stefan-usenet at bytereef.org Sat Jun 4 10:22:37 2011
From: stefan-usenet at bytereef.org (Stefan Krah)
Date: Sat, 4 Jun 2011 10:22:37 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front page
Message-ID: <20110604082237.GA32282@sleipnir.bytereef.org>
Hi,
related to http://bugs.python.org/issue12226, I think it would be nice to
add a link to the SSL connection to the PyPI front page:
--- a/pypi.html 2011-06-04 10:05:47.000000000 +0200
+++ b/pypi.html 2011-06-04 10:05:41.000000000 +0200
@@ -177,6 +177,19 @@
<br clear="right">
+<div id="document-navigation" style="width: 30%; float: left; display: inline; padding: 4px;">
+<b>Secure connection</b>
+<p style="margin-bottom: 0px;">
+PyPI offers a secure connection:
+"<a href="https://pypi.python.org/pypi">https://pypi.python.org/pypi</a>".
+The PyPI server certificate is signed by CAcert. On some systems
+(Windows, Ubuntu), CAcert is not a trusted authority by default.
+In order to use the SSL connection properly, import the
+"<a href="http://www.cacert.org/index.php?id=3">CAcert Intermediate Certificate</a>".
+into the browser. Make sure that you use the <em>Class 3 PKI Key</em> certificate.
+</p>
+</div>
+
<div id="document-navigation" style="margin-left: 0px; width: 30%; float: left; display: inline; padding: 4px;">
<b>Get Packages</b>
<p style="margin-bottom: 0px;">
Stefan Krah
From jannis at leidel.info Sat Jun 4 17:38:40 2011
From: jannis at leidel.info (Jannis Leidel)
Date: Sat, 4 Jun 2011 17:38:40 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <20110604082237.GA32282@sleipnir.bytereef.org>
References: <20110604082237.GA32282@sleipnir.bytereef.org>
Message-ID: <D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info>
> Hi,
>
> related to http://bugs.python.org/issue12226, I think it would be nice to
> add a link to the SSL connection to the PyPI front page:
Which makes me wonder, why is it that PyPI doesn't use a universally
accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
myself but would prefer using a cert by one of the commercial CAs for
the sake of the users.
Any opinions?
Jannis
> --- a/pypi.html 2011-06-04 10:05:47.000000000 +0200
> +++ b/pypi.html 2011-06-04 10:05:41.000000000 +0200
> @@ -177,6 +177,19 @@
>
> <br clear="right">
>
> +<div id="document-navigation" style="width: 30%; float: left; display: inline; padding: 4px;">
> +<b>Secure connection</b>
> +<p style="margin-bottom: 0px;">
> +PyPI offers a secure connection:
> +"<a href="https://pypi.python.org/pypi">https://pypi.python.org/pypi</a>".
> +The PyPI server certificate is signed by CAcert. On some systems
> +(Windows, Ubuntu), CAcert is not a trusted authority by default.
> +In order to use the SSL connection properly, import the
> +"<a href="http://www.cacert.org/index.php?id=3">CAcert Intermediate Certificate</a>".
> +into the browser. Make sure that you use the <em>Class 3 PKI Key</em> certificate.
> +</p>
> +</div>
> +
> <div id="document-navigation" style="margin-left: 0px; width: 30%; float: left; display: inline; padding: 4px;">
> <b>Get Packages</b>
> <p style="margin-bottom: 0px;">
>
>
>
> Stefan Krah
>
>
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
From martin at v.loewis.de Sat Jun 4 17:48:01 2011
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Sat, 04 Jun 2011 17:48:01 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info>
References: <20110604082237.GA32282@sleipnir.bytereef.org>
<D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info>
Message-ID: <4DEA53B1.603@v.loewis.de>
> Which makes me wonder, why is it that PyPI doesn't use a universally
> accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
> myself but would prefer using a cert by one of the commercial CAs for
> the sake of the users.
>
> Any opinions?
Primarily because of lack of volunteer time. Buying a certificate is
a big effort, issuing a cacert one is simple.
And before anybody says "no, it's not difficult", or "no, it shouldn't
be difficult", please consider volunteering for the next ten years to
manage the PSF server certificates (as one of the key problems that
makes it difficult is that responsibilities change so often with
volunteers).
Regards,
Martin
From mal at egenix.com Sat Jun 4 22:30:11 2011
From: mal at egenix.com (M.-A. Lemburg)
Date: Sat, 04 Jun 2011 22:30:11 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <4DEA53B1.603@v.loewis.de>
References: <20110604082237.GA32282@sleipnir.bytereef.org> <D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info>
<4DEA53B1.603@v.loewis.de>
Message-ID: <4DEA95D3.9060803@egenix.com>
"Martin v. L?wis" wrote:
>> Which makes me wonder, why is it that PyPI doesn't use a universally
>> accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
>> myself but would prefer using a cert by one of the commercial CAs for
>> the sake of the users.
>>
>> Any opinions?
>
> Primarily because of lack of volunteer time. Buying a certificate is
> a big effort, issuing a cacert one is simple.
>
> And before anybody says "no, it's not difficult", or "no, it shouldn't
> be difficult", please consider volunteering for the next ten years to
> manage the PSF server certificates (as one of the key problems that
> makes it difficult is that responsibilities change so often with
> volunteers).
Perhaps we could get Pat, the PSF secretary and administrator
to deal with the paperwork that's needed to get a certificate.
Installing it is not really such a major task, once you have
the paperwork done. Should we take this to the PSF board for
discussion ?
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jun 04 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2011-05-23: Released eGenix mx Base 3.2.0 http://python.egenix.com/
2011-05-25: Released mxODBC 3.1.1 http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy 16 days to go
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
From justinc at cs.washington.edu Sat Jun 4 22:37:28 2011
From: justinc at cs.washington.edu (Justin Cappos)
Date: Sat, 4 Jun 2011 13:37:28 -0700
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <4DEA95D3.9060803@egenix.com>
References: <20110604082237.GA32282@sleipnir.bytereef.org>
<D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info>
<4DEA53B1.603@v.loewis.de> <4DEA95D3.9060803@egenix.com>
Message-ID: <BANLkTinYVdnK0R3d4Ku2tGzrODmBgc+=AA@mail.gmail.com>
It depends on the threat model which is worse.
If you're worried about the Chinese govt inserting malicious packages
to track dissidents then using an universally accepted SSL cert is a
bad idea. It's easy for a powerful and motivated attacker to get
arbitrary certs signed.
If you think that the risk of having the certificate stolen, loss of
administrative control, etc. is a bigger threat, then an universally
accepted SSL cert seems the wiser outcome.
Of course, if distutils and other tools don't check certs, etc. this
is all academic...
Thanks,
Justin
On Sat, Jun 4, 2011 at 1:30 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> "Martin v. L?wis" wrote:
>>> Which makes me wonder, why is it that PyPI doesn't use a universally
>>> accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
>>> myself but would prefer using a cert by one of the commercial CAs for
>>> the sake of the users.
>>>
>>> Any opinions?
>>
>> Primarily because of lack of volunteer time. Buying a certificate is
>> a big effort, issuing a cacert one is simple.
>>
>> And before anybody says "no, it's not difficult", or "no, it shouldn't
>> be difficult", please consider volunteering for the next ten years to
>> manage the PSF server certificates (as one of the key problems that
>> makes it difficult is that responsibilities change so often with
>> volunteers).
>
> Perhaps we could get Pat, the PSF secretary and administrator
> to deal with the paperwork that's needed to get a certificate.
>
> Installing it is not really such a major task, once you have
> the paperwork done. Should we take this to the PSF board for
> discussion ?
>
> --
> Marc-Andre Lemburg
> eGenix.com
>
> Professional Python Services directly from the Source ?(#1, Jun 04 2011)
>>>> Python/Zope Consulting and Support ... ? ? ? ?http://www.egenix.com/
>>>> mxODBC.Zope.Database.Adapter ... ? ? ? ? ? ? http://zope.egenix.com/
>>>> mxODBC, mxDateTime, mxTextTools ... ? ? ? ?http://python.egenix.com/
> ________________________________________________________________________
> 2011-05-23: Released eGenix mx Base 3.2.0 ? ? ?http://python.egenix.com/
> 2011-05-25: Released mxODBC 3.1.1 ? ? ? ? ? ? ?http://python.egenix.com/
> 2011-06-20: EuroPython 2011, Florence, Italy ? ? ? ? ? ? ? 16 days to go
>
> ::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
>
>
> ? eGenix.com Software, Skills and Services GmbH ?Pastor-Loeh-Str.48
> ? ?D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> ? ? ? ? ? Registered at Amtsgericht Duesseldorf: HRB 46611
> ? ? ? ? ? ? ? http://www.egenix.com/company/contact/
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
From martin at v.loewis.de Sat Jun 4 22:50:22 2011
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Sat, 04 Jun 2011 22:50:22 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <4DEA95D3.9060803@egenix.com>
References: <20110604082237.GA32282@sleipnir.bytereef.org> <D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info> <4DEA53B1.603@v.loewis.de>
<4DEA95D3.9060803@egenix.com>
Message-ID: <4DEA9A8E.7070607@v.loewis.de>
> Installing it is not really such a major task, once you have
> the paperwork done. Should we take this to the PSF board for
> discussion ?
Essentially, I don't want to deal with that CA bureaucracy at all.
If you think that by taking it to the PSF board, you get all the
issues resolved, please go ahead. Installing it in the end is
indeed easy.
Regards,
Martin
From mal at egenix.com Sat Jun 4 22:54:10 2011
From: mal at egenix.com (M.-A. Lemburg)
Date: Sat, 04 Jun 2011 22:54:10 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <BANLkTinYVdnK0R3d4Ku2tGzrODmBgc+=AA@mail.gmail.com>
References: <20110604082237.GA32282@sleipnir.bytereef.org> <D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info> <4DEA53B1.603@v.loewis.de>
<4DEA95D3.9060803@egenix.com>
<BANLkTinYVdnK0R3d4Ku2tGzrODmBgc+=AA@mail.gmail.com>
Message-ID: <4DEA9B72.7030700@egenix.com>
Justin Cappos wrote:
> It depends on the threat model which is worse.
>
> If you're worried about the Chinese govt inserting malicious packages
> to track dissidents then using an universally accepted SSL cert is a
> bad idea. It's easy for a powerful and motivated attacker to get
> arbitrary certs signed.
>
> If you think that the risk of having the certificate stolen, loss of
> administrative control, etc. is a bigger threat, then an universally
> accepted SSL cert seems the wiser outcome.
>
> Of course, if distutils and other tools don't check certs, etc. this
> is all academic...
I think it has more to do with being user friendly than anything else.
A casual user seeing the Firefox warning about an untrusted connection
is likely going to revert to using the unsecure HTTP connection rather
than accepting an exception to get a secure HTTPS one.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jun 04 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2011-05-23: Released eGenix mx Base 3.2.0 http://python.egenix.com/
2011-05-25: Released mxODBC 3.1.1 http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy 16 days to go
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
From mal at egenix.com Sat Jun 4 22:55:26 2011
From: mal at egenix.com (M.-A. Lemburg)
Date: Sat, 04 Jun 2011 22:55:26 +0200
Subject: [Catalog-sig] Add link to secure connection to the PyPI front
page
In-Reply-To: <4DEA9A8E.7070607@v.loewis.de>
References: <20110604082237.GA32282@sleipnir.bytereef.org> <D0545564-CFEA-48B5-B232-687F25047ED4@leidel.info> <4DEA53B1.603@v.loewis.de> <4DEA95D3.9060803@egenix.com>
<4DEA9A8E.7070607@v.loewis.de>
Message-ID: <4DEA9BBE.50904@egenix.com>
"Martin v. L?wis" wrote:
>> Installing it is not really such a major task, once you have
>> the paperwork done. Should we take this to the PSF board for
>> discussion ?
>
> Essentially, I don't want to deal with that CA bureaucracy at all.
I can understand that :-)
> If you think that by taking it to the PSF board, you get all the
> issues resolved, please go ahead.
Ok, let's give it a try, then.
> Installing it in the end is indeed easy.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jun 04 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2011-05-23: Released eGenix mx Base 3.2.0 http://python.egenix.com/
2011-05-25: Released mxODBC 3.1.1 http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy 16 days to go
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
From fuzzyman at gmail.com Tue Jun 14 19:47:27 2011
From: fuzzyman at gmail.com (Michael Foord)
Date: Tue, 14 Jun 2011 18:47:27 +0100
Subject: [Catalog-sig] Server error page for pypi
Message-ID: <BANLkTiktuFqx0_352phk6HKquuw0vsujkg@mail.gmail.com>
Hey all,
We received the following notification on webmaster at python.org:
"""
http://pypi.python.org/simple/py-bcrypt/ is down
here is error message.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable
to complete your request.
Please contact the server administrator, webmaster at python.org and inform
them of the time the error occurred, and anything you might have done that
may have caused the error.
More information about this error may be available in the server error log.
"""
I don't see a server error on that page, so it was obviously a temporary
problem. However in the event of an error webmaster at python.org is not a
helpful email address to send notifications to. Either the pypi bug tracker
or this list would be better. Would it be possible to use a different
template for server error pages please.
All the best,
Michael Foord
--
http://www.voidspace.org.uk/
May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110614/3596b1d3/attachment.html>
From martin at v.loewis.de Wed Jun 15 00:37:10 2011
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Wed, 15 Jun 2011 00:37:10 +0200
Subject: [Catalog-sig] Server error page for pypi
In-Reply-To: <BANLkTiktuFqx0_352phk6HKquuw0vsujkg@mail.gmail.com>
References: <BANLkTiktuFqx0_352phk6HKquuw0vsujkg@mail.gmail.com>
Message-ID: <4DF7E296.6080607@v.loewis.de>
> I don't see a server error on that page, so it was obviously a temporary
> problem. However in the event of an error webmaster at python.org
> <mailto:webmaster at python.org> is not a helpful email address to send
> notifications to. Either the pypi bug tracker or this list would be
> better. Would it be possible to use a different template for server
> error pages please.
Can you please elaborate? Should we stop claiming "Website maintained by
the Python community"? If not, what specific change do you envision?
I do think webmaster@ is a helpful address to send messages to,
in particular for people who missed the link "Get help" or "Bug reports".
Regards,
Martin
From ziade.tarek at gmail.com Thu Jun 16 17:27:02 2011
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Thu, 16 Jun 2011 17:27:02 +0200
Subject: [Catalog-sig] Case sensitive names
Message-ID: <BANLkTimja9UdCTMOunQy4Z1iv4v4QBZOFA@mail.gmail.com>
Hey
I realize that
http://a.pypi.python.org/simple/webob/ *and*
http://a.pypi.python.org/simple/WebOb/ both exist (the first one is
an alias)
this is fine, but the mirrors don't copy the aliases. so
http://c.pypi.python.org/simple/webob/ will issue a 404
This is OK for pip and easy_install as they fallback on the main index
to look for the real name if simple/webob/ is not found,
and I can probably add the same behavior in the new crawler in packaging.
But what about changing this in the future by making all index paths
lower cases, so both PyPI and its mirrors are completely similar
The non-lower case version could become the alias for backward
compatible purposes, but tools could start to lower-case all
project names by default when looking at the index
Cheers
Tarek
--
Tarek Ziad? | http://ziade.org
From techtonik at gmail.com Wed Jun 22 15:01:52 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Wed, 22 Jun 2011 06:01:52 -0700 (PDT)
Subject: [Catalog-sig] Google Groups Mirror
Message-ID: <22891004.474.1308747712325.JavaMail.geo-discussion-forums@vbre5>
Hi. Just wanted you to know that it is now possible to access "catalog
special interest group" from Google Groups interface. Hopefully, this will
boost collaboration a bit. I've done this to be able to subscribe to
selected threads, search and reply from the web interface.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110622/805a11d7/attachment.html>
From techtonik at gmail.com Wed Jun 22 16:59:36 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Wed, 22 Jun 2011 07:59:36 -0700 (PDT)
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <22891004.474.1308747712325.JavaMail.geo-discussion-forums@vbre5>
Message-ID: <17019510.789.1308754776976.JavaMail.geo-discussion-forums@vbit26>
Forgot the main part - https://groups.google.com/forum/#!forum/pypi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110622/b6feb24f/attachment.html>
From pydanny at gmail.com Wed Jun 22 19:39:37 2011
From: pydanny at gmail.com (Daniel Greenfeld)
Date: Wed, 22 Jun 2011 10:39:37 -0700 (PDT)
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <17019510.789.1308754776976.JavaMail.geo-discussion-forums@vbit26>
Message-ID: <29214449.762.1308764377047.JavaMail.geo-discussion-forums@prob10>
As you can see, I can reply to both catalog-sig and google groups. Is this a
good thing?
Danny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110622/2e6296d2/attachment.html>
From techtonik at gmail.com Thu Jun 23 01:14:33 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Wed, 22 Jun 2011 16:14:33 -0700 (PDT)
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <29214449.762.1308764377047.JavaMail.geo-discussion-forums@prob10>
Message-ID: <7025587.657.1308784473334.JavaMail.geo-discussion-forums@vbxe21>
You can reply only to catalog-sig and the mail will reach groups. Replying
to both doesn't do any harm.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110622/d2f1684d/attachment.html>
From richard at python.org Thu Jun 23 08:49:21 2011
From: richard at python.org (Richard Jones)
Date: Thu, 23 Jun 2011 16:49:21 +1000
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <7025587.657.1308784473334.JavaMail.geo-discussion-forums@vbxe21>
References: <29214449.762.1308764377047.JavaMail.geo-discussion-forums@prob10>
<7025587.657.1308784473334.JavaMail.geo-discussion-forums@vbxe21>
Message-ID: <BANLkTimJu482Ow5pjn8OA=ooYrUOQ5Jbyg@mail.gmail.com>
On 23 June 2011 09:14, anatoly techtonik <techtonik at gmail.com> wrote:
> You can reply only to catalog-sig and the mail will reach groups. Replying
> to both doesn't do any harm.
I'd like to discourage posting through the google group please.
Messages from the "pypi" group appear to come from that group, so
replying to them sends the message to that group. Which most (all, at
the moment) aren't subscribed to, so it bounces. So you have to
manually modify the "to" header when replying.
And one of the catalog-sig moderators has to approve each message
unless you're subscribed to the list. Which (speaking as one of thetwo
moderators) if you're going to be posting often, is a little rude.
Richard
From pydanny at gmail.com Thu Jun 23 09:48:49 2011
From: pydanny at gmail.com (Daniel Greenfeld)
Date: Thu, 23 Jun 2011 00:48:49 -0700
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <BANLkTimJu482Ow5pjn8OA=ooYrUOQ5Jbyg@mail.gmail.com>
References: <29214449.762.1308764377047.JavaMail.geo-discussion-forums@prob10>
<7025587.657.1308784473334.JavaMail.geo-discussion-forums@vbxe21>
<BANLkTimJu482Ow5pjn8OA=ooYrUOQ5Jbyg@mail.gmail.com>
Message-ID: <BANLkTikyng78ATi1YtNb-46sqvZR2Qrp5g@mail.gmail.com>
On Wed, Jun 22, 2011 at 11:49 PM, Richard Jones <richard at python.org> wrote:
> On 23 June 2011 09:14, anatoly techtonik <techtonik at gmail.com> wrote:
>> You can reply only to catalog-sig and the mail will reach groups. Replying
>> to both doesn't do any harm.
>
> I'd like to discourage posting through the google group please.
>
> Messages from the "pypi" group appear to come from that group, so
> replying to them sends the message to that group. Which most (all, at
> the moment) aren't subscribed to, so it bounces. So you have to
> manually modify the "to" header when replying.
>
> And one of the catalog-sig moderators has to approve each message
> unless you're subscribed to the list. Which (speaking as one of thetwo
> moderators) if you're going to be posting often, is a little rude.
That seems rather ugly. Makes me wonder if the google groups mirror
can be set so it can't be posted from. Anatoly?
--
'Knowledge is Power'
Daniel Greenfeld
http://pydanny.blogspot.com
http://cartwheelweb.com
From techtonik at gmail.com Thu Jun 23 18:41:44 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 23 Jun 2011 09:41:44 -0700 (PDT)
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <BANLkTimJu482Ow5pjn8OA=ooYrUOQ5Jbyg@mail.gmail.com>
Message-ID: <5917311.2068.1308847304175.JavaMail.geo-discussion-forums@vbre5>
On Thursday, June 23, 2011 9:49:21 AM UTC+3, Richard Jones wrote:
>
> On 23 June 2011 09:14, anatoly techtonik <tech... at gmail.com> wrote:
> > You can reply only to catalog-sig and the mail will reach groups.
> Replying
> > to both doesn't do any harm.
>
> I'd like to discourage posting through the google group please.
>
I didn't know any of the following info, so if you can help to setup this
correctly - it will be appreciated.
> Messages from the "pypi" group appear to come from that group, so
> replying to them sends the message to that group. Which most (all, at
> the moment) aren't subscribed to, so it bounces. So you have to
> manually modify the "to" header when replying.
>
Are you sure about that? From
http://mail.python.org/pipermail/catalog-sig/2011-June/003795.html I see
only my own address. Can you send me the email with all headers?
> And one of the catalog-sig moderators has to approve each message
> unless you're subscribed to the list. Which (speaking as one of thetwo
> moderators) if you're going to be posting often, is a little rude.
>
I didn't know this. It is not said that the list is moderated at
http://mail.python.org/mailman/listinfo/catalog-sig so I assumed it is free
for all. BTW, the group address is subscribed to the list, so the messages
should not end in moderation queue if they are coming from the group's
address as you mentioned in the previous paragraph.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110623/112bbf0e/attachment.html>
From richard at python.org Fri Jun 24 01:47:51 2011
From: richard at python.org (Richard Jones)
Date: Fri, 24 Jun 2011 09:47:51 +1000
Subject: [Catalog-sig] Google Groups Mirror
In-Reply-To: <5917311.2068.1308847304175.JavaMail.geo-discussion-forums@vbre5>
References: <BANLkTimJu482Ow5pjn8OA=ooYrUOQ5Jbyg@mail.gmail.com>
<5917311.2068.1308847304175.JavaMail.geo-discussion-forums@vbre5>
Message-ID: <BANLkTinNsFFo9AmLsuw=LdeDYA9kzWjobQ@mail.gmail.com>
On 24 June 2011 02:41, anatoly techtonik <techtonik at gmail.com> wrote:
> On Thursday, June 23, 2011 9:49:21 AM UTC+3, Richard Jones wrote:
>> On 23 June 2011 09:14, anatoly techtonik <tech... at gmail.com> wrote:
>> > You can reply only to catalog-sig and the mail will reach groups.
>> > Replying
>> > to both doesn't do any harm.
>>
>> I'd like to discourage posting through the google group please.
>
> I didn't know any of the following info, so if you can help to setup this
> correctly - it will be appreciated.
Sorry, I can't help.
>> Messages from the "pypi" group appear to come from that group, so
>> replying to them sends the message to that group. Which most (all, at
>> the moment) aren't subscribed to, so it bounces. So you have to
>> manually modify the "to" header when replying.
>
> Are you sure about that?
> From?http://mail.python.org/pipermail/catalog-sig/2011-June/003795.html?I
> see only my own address. Can?you send me the email with all headers?
The From: header is your adddress. The reply-to is the google group.
The only mention catalog-sig gets is a bunch of List-* headers and an
X-BeenThere.
>> And one of the catalog-sig moderators has to approve each message
>> unless you're subscribed to the list. Which (speaking as one of thetwo
>> moderators) if you're going to be posting often, is a little rude.
>
> I didn't know this.?It is not said that the list is moderated at
> http://mail.python.org/mailman/listinfo/catalog-sig?so I assumed it is free
> for all. BTW, the group address is subscribed to the list, so the messages
> should not end in moderation queue if they are coming from the group's
> address as you mentioned in the previous paragraph.
No, since the From: header is your personal address.
Richard
From techtonik at gmail.com Wed Jun 29 20:57:20 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Wed, 29 Jun 2011 21:57:20 +0300
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
Message-ID: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
Hi,
Mailman <-> Google Groups integration doesn't work well, so I'm
sending mails directly as requested.
I often search for packages like 'soap' and open a lot of tabs. It is
impossible to navigate this mess, because all tabs are named like
"Python Package Index : package name" and 'package name' is of course
invisible. The obvious way to fix this is below (with full patch
attached).
Index: pypi/templates/standard_template.pt
===================================================================
- <title tal:content="string:Python Package Index : ${data/title}" />
+ <title tal:content="string:${data/title} : Python Package Index" />
However, it changes URL for all pages, which may be not what is
desired. Any ideas how to make it only for package description pages
in TAL?
Here comes the second question. Considering that I have an idea how to
do this in Django and:
1. more users are familiar with Django templates than with TAL
2. people are unlikely to learn another language for PyPI
3. Django templates are used in AppEngine port
4. Django templates seems way more simple and no less powerful
Will people here support migrating existing PyPI templates to Django?
I guess the process can be made more fun with incremental update.
However, I don't know if Django template engine can be separately
installed even though App Engine SDK supports this. I've heard that
Jinja2 is compatible option, so it can also be used instead.
--
anatoly t.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: package.names.first.patch
Type: application/octet-stream
Size: 860 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20110629/bd0203be/attachment.obj>
From chris at simplistix.co.uk Wed Jun 29 21:25:34 2011
From: chris at simplistix.co.uk (Chris Withers)
Date: Wed, 29 Jun 2011 20:25:34 +0100
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
Message-ID: <4E0B7C2E.502@simplistix.co.uk>
On 29/06/2011 19:57, anatoly techtonik wrote:
> 1. more users are familiar with Django templates than with TAL
That an interesting and probably incorrect assertion.
> 4. Django templates seems way more simple and no less powerful
That's just plain wrong.
> Will people here support migrating existing PyPI templates to Django?
-1 from me.
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
From techtonik at gmail.com Wed Jun 29 23:46:01 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 30 Jun 2011 00:46:01 +0300
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <4E0B7C2E.502@simplistix.co.uk>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<4E0B7C2E.502@simplistix.co.uk>
Message-ID: <BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
On Wed, Jun 29, 2011 at 10:25 PM, Chris Withers <chris at simplistix.co.uk> wrote:
> On 29/06/2011 19:57, anatoly techtonik wrote:
>>
>> 1. more users are familiar with Django templates than with TAL
>
> That an interesting and probably incorrect assertion.
Some proof from my side.
http://www.google.com/trends?q=%22tal+templates%22%2C+%22django+templates%22
Your turn.
>> 4. Django templates seems way more simple and no less powerful
>
> That's just plain wrong.
Ok. Then answer the original question. How to override html title
attribute for a subset of PyPI pages?
>> Will people here support migrating existing PyPI templates to Django?
>
> -1 from me.
Ok. Personal question then - do you support moving PyPI to App Engine?
Do you support moving PyPI to other cloud platform?
--
anatoly t.
From chris at simplistix.co.uk Wed Jun 29 23:54:39 2011
From: chris at simplistix.co.uk (Chris Withers)
Date: Wed, 29 Jun 2011 22:54:39 +0100
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<4E0B7C2E.502@simplistix.co.uk>
<BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
Message-ID: <4E0B9F1F.8060209@simplistix.co.uk>
On 29/06/2011 22:46, anatoly techtonik wrote:
> On Wed, Jun 29, 2011 at 10:25 PM, Chris Withers<chris at simplistix.co.uk> wrote:
>> On 29/06/2011 19:57, anatoly techtonik wrote:
>>>
>>> 1. more users are familiar with Django templates than with TAL
>>
>> That an interesting and probably incorrect assertion.
>
> Some proof from my side.
> http://www.google.com/trends?q=%22tal+templates%22%2C+%22django+templates%22
> Your turn.
Pointless posturing.
Google trends don't provide a way to accurately compare the usage of two
templating languages. The whole Plone community uses TAL, not to mention
the rest of the Zope world, all the people who use chameleon or one of
the other python TAL implementations, not to mention the TAL
implementations in other languages such as Java and PHP.
>>> 4. Django templates seems way more simple and no less powerful
>>
>> That's just plain wrong.
>
> Ok. Then answer the original question. How to override html title
> attribute for a subset of PyPI pages?
The root template is likely a macro template, if it hasn't been designed
to allow customising on a per-page basis, you'd need to modify it:
<title metal:define-slot="title"...
Then in the specific template, fill that slot:
<title metal:fill-slot="title"...
> Ok. Personal question then - do you support moving PyPI to App Engine?
Absolutely not.
> Do you support moving PyPI to other cloud platform?
+0.
I'm in favour of mirrors, how those mirrors are implemented I don't
really care, as long as the http api they expose is consistent and, more
importantly, provided the tools around (ie: setuptools) use them.
If that last issue isn't solved, mirrors are cute and maybe useful in
emergencies where you're prepared to go and manually download packages,
but otherwise they're essentially useless.
cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
From pydanny at gmail.com Thu Jun 30 00:00:16 2011
From: pydanny at gmail.com (Daniel Greenfeld)
Date: Wed, 29 Jun 2011 15:00:16 -0700
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <4E0B9F1F.8060209@simplistix.co.uk>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<4E0B7C2E.502@simplistix.co.uk>
<BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
<4E0B9F1F.8060209@simplistix.co.uk>
Message-ID: <BANLkTinUqCn_1MKpD3wqLOx+FneVaQQKVA@mail.gmail.com>
I'm just going to have to +1,000,000 Chris Withers on everything he says here.
I see ABSOLUTELY no reason to redo PyPI just because of one person
doesn't like how titles and urls are done.
I'm also really leery about hosting it on GAE. That locks PyPI into
one vendor and a proprietary toolset. The inner workings of GAE are
the domain of Google and I would like to think that the main package
repo for Python be 100% open source.
FWIW, Anatoly, there are numerous PyPI clones in Django already. You
are smart. Why not use http://djangopackages.com/packages/p/chishop/
or one of its forks. Then alter it to suit your needs.
Daniel Greenfeld
On Wed, Jun 29, 2011 at 2:54 PM, Chris Withers <chris at simplistix.co.uk> wrote:
> On 29/06/2011 22:46, anatoly techtonik wrote:
>>
>> On Wed, Jun 29, 2011 at 10:25 PM, Chris Withers<chris at simplistix.co.uk>
>> ?wrote:
>>>
>>> On 29/06/2011 19:57, anatoly techtonik wrote:
>>>>
>>>> 1. more users are familiar with Django templates than with TAL
>>>
>>> That an interesting and probably incorrect assertion.
>>
>> Some proof from my side.
>>
>> http://www.google.com/trends?q=%22tal+templates%22%2C+%22django+templates%22
>> Your turn.
>
> Pointless posturing.
> Google trends don't provide a way to accurately compare the usage of two
> templating languages. The whole Plone community uses TAL, not to mention the
> rest of the Zope world, all the people who use chameleon or one of the other
> python TAL implementations, not to mention the TAL implementations in other
> languages such as Java and PHP.
>
>>>> 4. Django templates seems way more simple and no less powerful
>>>
>>> That's just plain wrong.
>>
>> Ok. Then answer the original question. How to override html title
>> attribute for a subset of PyPI pages?
>
> The root template is likely a macro template, if it hasn't been designed to
> allow customising on a per-page basis, you'd need to modify it:
>
> <title metal:define-slot="title"...
>
> Then in the specific template, fill that slot:
>
> <title metal:fill-slot="title"...
>
>> Ok. Personal question then - do you support moving PyPI to App Engine?
>
> Absolutely not.
>
>> Do you support moving PyPI to other cloud platform?
>
> +0.
>
> I'm in favour of mirrors, how those mirrors are implemented I don't really
> care, as long as the http api they expose is consistent and, more
> importantly, provided the tools around (ie: setuptools) use them.
>
> If that last issue isn't solved, mirrors are cute and maybe useful in
> emergencies where you're prepared to go and manually download packages, but
> otherwise they're essentially useless.
>
> cheers,
>
> Chris
>
> --
> Simplistix - Content Management, Batch Processing & Python Consulting
> ? ? ? ? ? - http://www.simplistix.co.uk
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
--
'Knowledge is Power'
Daniel Greenfeld
http://pydanny.blogspot.com
http://cartwheelweb.com
From ben+python at benfinney.id.au Thu Jun 30 01:53:16 2011
From: ben+python at benfinney.id.au (Ben Finney)
Date: Thu, 30 Jun 2011 09:53:16 +1000
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<4E0B7C2E.502@simplistix.co.uk>
<BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
Message-ID: <87zkl0kxeb.fsf@benfinney.id.au>
anatoly techtonik <techtonik at gmail.com> writes:
> Ok. Personal question then - do you support moving PyPI to App Engine?
I don't know why that's a personal question.
?1 on any move to move PyPI away from technologies controlled by the
community. We don't need to increase vendor lock-in for critical
infrastructure.
> Do you support moving PyPI to other cloud platform?
I don't know of any good coherent definition of such a thing, so I don't
know what an answer would mean.
--
\ ?Whenever you read a good book, it's like the author is right |
`\ there, in the room talking to you, which is why I don't like to |
_o__) read good books.? ?Jack Handey |
Ben Finney
From merwok at netwok.org Thu Jun 30 16:02:16 2011
From: merwok at netwok.org (=?UTF-8?B?w4lyaWMgQXJhdWpv?=)
Date: Thu, 30 Jun 2011 16:02:16 +0200
Subject: [Catalog-sig] Page titles
In-Reply-To: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
Message-ID: <4E0C81E8.9020101@netwok.org>
Hi,
> I often search for packages like 'soap' and open a lot of tabs. It is
> impossible to navigate this mess, because all tabs are named like
> "Python Package Index : package name" and 'package name' is of course
> invisible. The obvious way to fix this is below (with full patch
> attached).
>
> Index: pypi/templates/standard_template.pt
> ===================================================================
> - <title tal:content="string:Python Package Index : ${data/title}" />
> + <title tal:content="string:${data/title} : Python Package Index" />
Agreed about the bug and fix, only I?d use a ? character, not a
semicolon. It?s a good practice on the Web to put the generic part of
the title after the specific part.
> However, it changes URL for all pages, which may be not what is
> desired.
Does it really change URIs? I thought this was about titles only.
Regards
From fdrake at acm.org Thu Jun 30 16:54:14 2011
From: fdrake at acm.org (Fred Drake)
Date: Thu, 30 Jun 2011 10:54:14 -0400
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
Message-ID: <BANLkTinL+25RteQH1ByiKvVT7_3H_U9CEA@mail.gmail.com>
On Wed, Jun 29, 2011 at 2:57 PM, anatoly techtonik <techtonik at gmail.com> wrote:
> Index: pypi/templates/standard_template.pt
> ===================================================================
> - ? ? ?<title tal:content="string:Python Package Index : ${data/title}" />
> + ? ? ?<title tal:content="string:${data/title} : Python Package Index" />
This patch is good.
> However, it changes URL for all pages, which may be not what is
> desired. Any ideas how to make it only for package description pages
> in TAL?
It does not affect the URLs, only the page titles.
-Fred
--
Fred L. Drake, Jr.? ? <fdrake at acm.org>
"Give me the luxuries of life and I will willingly do without the necessities."
?? --Frank Lloyd Wright
From fdrake at acm.org Thu Jun 30 16:59:45 2011
From: fdrake at acm.org (Fred Drake)
Date: Thu, 30 Jun 2011 10:59:45 -0400
Subject: [Catalog-sig] Tal to Django/Jinja transition
Message-ID: <BANLkTi=k_UKrBehvAuY9N-Jqk-dQi6rY9A@mail.gmail.com>
On Wed, Jun 29, 2011 at 2:57 PM, anatoly techtonik <techtonik at gmail.com> wrote:
> Here comes the second question. Considering that I have an idea how to
> do this in Django and:
> 1. more users are familiar with Django templates than with TAL
> 2. people are unlikely to learn another language for PyPI
> 3. Django templates are used in AppEngine port
> 4. Django templates seems way more simple and no less powerful
Some may consider me biased with respect to ZPT, but I think I can be
reasonable.
Having recently looked at Django templating language (via Jinja2), I found
the language to be more confusing. I'm not generally a fan of template
languages (though I concede that they're useful, and use ZPT regularly),
the set of assumptions that seem present in the Django language revives my
wariness and mistrust of templating.
-Fred
--
Fred L. Drake, Jr.? ? <fdrake at acm.org>
"Give me the luxuries of life and I will willingly do without the necessities."
?? --Frank Lloyd Wright
From techtonik at gmail.com Thu Jun 30 18:10:52 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 30 Jun 2011 19:10:52 +0300
Subject: [Catalog-sig] Tal to Django/Jinja transition
In-Reply-To: <BANLkTi=k_UKrBehvAuY9N-Jqk-dQi6rY9A@mail.gmail.com>
References: <BANLkTi=k_UKrBehvAuY9N-Jqk-dQi6rY9A@mail.gmail.com>
Message-ID: <BANLkTi=VYwkZM0_UwaSVq8YKX7skbbJDFQ@mail.gmail.com>
On Thu, Jun 30, 2011 at 5:59 PM, Fred Drake <fdrake at acm.org> wrote:
> On Wed, Jun 29, 2011 at 2:57 PM, anatoly techtonik <techtonik at gmail.com> wrote:
>> Here comes the second question. Considering that I have an idea how to
>> do this in Django and:
>> 1. more users are familiar with Django templates than with TAL
>> 2. people are unlikely to learn another language for PyPI
>> 3. Django templates are used in AppEngine port
>> 4. Django templates seems way more simple and no less powerful
>
> Some may consider me biased with respect to ZPT, but I think I can be
> reasonable.
>
> Having recently looked at Django templating language (via Jinja2), I found
> the language to be more confusing. ?I'm not generally a fan of template
> languages (though I concede that they're useful, and use ZPT regularly),
> the set of assumptions that seem present in the Django language revives my
> wariness and mistrust of templating.
We are all technical people here. I learned Django templating, because
I have to patch Rietveld. I tried to learn TAL to patch Roundup, but
couldn't find a sane reference, so I learned by example, but still
can't find a way how to patch PyPI for my simple use case. Django docs
are much better in this respect.
So, as we are all technical people here, do you have any specific
critics towards one approach or another, so I can at least get an idea
why people like TAL and may prefer it over Django given equal
familiarity and experience in both languages?
--
anatoly t.
From techtonik at gmail.com Thu Jun 30 18:13:40 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 30 Jun 2011 19:13:40 +0300
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <BANLkTinL+25RteQH1ByiKvVT7_3H_U9CEA@mail.gmail.com>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<BANLkTinL+25RteQH1ByiKvVT7_3H_U9CEA@mail.gmail.com>
Message-ID: <BANLkTinDhyqk+KPjyJf4GvdzO+=PnfODcg@mail.gmail.com>
On Thu, Jun 30, 2011 at 5:54 PM, Fred Drake <fdrake at acm.org> wrote:
> On Wed, Jun 29, 2011 at 2:57 PM, anatoly techtonik <techtonik at gmail.com> wrote:
>> Index: pypi/templates/standard_template.pt
>> ===================================================================
>> - ? ? ?<title tal:content="string:Python Package Index : ${data/title}" />
>> + ? ? ?<title tal:content="string:${data/title} : Python Package Index" />
>
> This patch is good.
>
>> However, it changes URL for all pages, which may be not what is
>> desired. Any ideas how to make it only for package description pages
>> in TAL?
>
> It does not affect the URLs, only the page titles.
Yes, sorry, I meant Titles, not URLS.
--
anatoly t.
From benji at benjiyork.com Thu Jun 30 18:26:27 2011
From: benji at benjiyork.com (Benji York)
Date: Thu, 30 Jun 2011 11:26:27 -0500
Subject: [Catalog-sig] Tal to Django/Jinja transition
In-Reply-To: <BANLkTi=VYwkZM0_UwaSVq8YKX7skbbJDFQ@mail.gmail.com>
References: <BANLkTi=k_UKrBehvAuY9N-Jqk-dQi6rY9A@mail.gmail.com>
<BANLkTi=VYwkZM0_UwaSVq8YKX7skbbJDFQ@mail.gmail.com>
Message-ID: <BANLkTi=B0FdJm5Ry--SWTwmhd572VnxwtA@mail.gmail.com>
On Thu, Jun 30, 2011 at 11:10 AM, anatoly techtonik <techtonik at gmail.com> wrote:
> On Thu, Jun 30, 2011 at 5:59 PM, Fred Drake <fdrake at acm.org> wrote:
>> On Wed, Jun 29, 2011 at 2:57 PM, anatoly techtonik <techtonik at gmail.com> wrote:
>>> Here comes the second question. Considering that I have an idea how to
>>> do this in Django and:
>>> 1. more users are familiar with Django templates than with TAL
>>> 2. people are unlikely to learn another language for PyPI
>>> 3. Django templates are used in AppEngine port
>>> 4. Django templates seems way more simple and no less powerful
>>
>> Some may consider me biased with respect to ZPT, but I think I can be
>> reasonable.
>>
>> Having recently looked at Django templating language (via Jinja2), I found
>> the language to be more confusing. ?I'm not generally a fan of template
>> languages (though I concede that they're useful, and use ZPT regularly),
>> the set of assumptions that seem present in the Django language revives my
>> wariness and mistrust of templating.
>
> We are all technical people here. I learned Django templating, because
> I have to patch Rietveld. I tried to learn TAL to patch Roundup, but
> couldn't find a sane reference, so I learned by example, but still
> can't find a way how to patch PyPI for my simple use case. Django docs
> are much better in this respect.
When I have questions I use the TAL, TALES, and METAL specs:
http://wiki.zope.org/ZPT/TALSpecification14
http://wiki.zope.org/ZPT/TALESSpecification13
http://wiki.zope.org/ZPT/METALSpecification11
> So, as we are all technical people here, do you have any specific
> critics towards one approach or another, so I can at least get an idea
> why people like TAL and may prefer it over Django given equal
> familiarity and experience in both languages?
I've never used the Django template language so my perspective is
limited. I like ZPT (Zope Page Templates, the combination of TAL,
TALES, and METAL) because it is simple and well defined.
I'd actually like it if it did even less (e.g., not have the ability to
include Python expressions). I suspect I'm in the minority there.
--
Benji York
From techtonik at gmail.com Thu Jun 30 18:43:10 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 30 Jun 2011 19:43:10 +0300
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <4E0B9F1F.8060209@simplistix.co.uk>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<4E0B7C2E.502@simplistix.co.uk>
<BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
<4E0B9F1F.8060209@simplistix.co.uk>
Message-ID: <BANLkTi=9T9heOxcDv2sNAdijT2yoP_tvsw@mail.gmail.com>
On Thu, Jun 30, 2011 at 12:54 AM, Chris Withers <chris at simplistix.co.uk> wrote:
>>> On 29/06/2011 19:57, anatoly techtonik wrote:
>>>>
>>>> 1. more users are familiar with Django templates than with TAL
>>>
>>> That an interesting and probably incorrect assertion.
>>
>> Some proof from my side.
>>
>> http://www.google.com/trends?q=%22tal+templates%22%2C+%22django+templates%22
>> Your turn.
>
> Pointless posturing.
> Google trends don't provide a way to accurately compare the usage of two
> templating languages. The whole Plone community uses TAL, not to mention the
> rest of the Zope world, all the people who use chameleon or one of the other
> python TAL implementations, not to mention the TAL implementations in other
> languages such as Java and PHP.
I don't know the size of these communities. Never tried to use Plone.
I guess that's because it is GPL, and the only site I know that uses
it is stackless.com, which is in a rather poor condition. Zope doesn't
sounds good if pronounced in Russian, but I guess the license
limitation (obligatory doc writing) was a primary concern too.
>>>> 4. Django templates seems way more simple and no less powerful
>>>
>>> That's just plain wrong.
>>
>> Ok. Then answer the original question. How to override html title
>> attribute for a subset of PyPI pages?
>
> The root template is likely a macro template, if it hasn't been designed to
> allow customising on a per-page basis, you'd need to modify it:
>
> <title metal:define-slot="title"...
>
> Then in the specific template, fill that slot:
>
> <title metal:fill-slot="title"...
Thanks. It doesn't seem right to include <title> tag in display.pt
that doesn't have head section at all, so I've inserted
<metal:fill fill-slot="title"...
Will the new patch work ok? (attached)
>> Ok. Personal question then - do you support moving PyPI to App Engine?
>
> Absolutely not.
>
>> Do you support moving PyPI to other cloud platform?
>
> +0.
>
> I'm in favour of mirrors, how those mirrors are implemented I don't really
> care, as long as the http api they expose is consistent and, more
> importantly, provided the tools around (ie: setuptools) use them.
>
> If that last issue isn't solved, mirrors are cute and maybe useful in
> emergencies where you're prepared to go and manually download packages, but
> otherwise they're essentially useless.
Sounds reasonable. But increased availability, security and DoS
protection with mirrors is gained at a cost of administration hassle,
and server stuff is something nobody wants to deal with, because these
problems are truly endless.
--
anatoly t.
-------------- next part --------------
Index: pypi/templates/display.pt
===================================================================
--- pypi/templates/display.pt (revision 925)
+++ pypi/templates/display.pt (working copy)
@@ -4,6 +4,8 @@
xmlns:metal="http://xml.zope.org/namespaces/metal"
metal:use-macro="standard_template/macros/page">
+<metal:fill fill-slot="title" tal:content="string:${data/name} ${data/version}: Python Package Index" />
+
<metal:fill fill-slot="head">
<meta tal:condition="data/release/keywords | nothing"
name="keywords"
Index: pypi/templates/standard_template.pt
===================================================================
--- pypi/templates/standard_template.pt (revision 925)
+++ pypi/templates/standard_template.pt (working copy)
@@ -8,7 +8,7 @@
<META NAME="ROBOTS" CONTENT="NOINDEX,NOFOLLOW" tal:condition="data/norobots"/>
<meta content="text/html; charset=utf-8" http-equiv="content-type" />
<base tal:attributes="href data/FULL_PATH_INFO"/>
- <title tal:content="string:Python Package Index : ${data/title}" />
+ <title metal:define-slot="title" tal:content="Python Package Index : string:${data/title}" />
<meta tal:attributes="content data/keywords" />
<meta tal:attributes="content data/description" />
<link rel="alternate" type="application/rss+xml" title="RSS: 30 latest updates" href="http://www.python.org/pypi?:action=rss"/>
Index: pypi/webui.py
===================================================================
--- pypi/webui.py (revision 925)
+++ pypi/webui.py (working copy)
@@ -1348,7 +1348,6 @@
name=name, version=version, release=release,
description=release.get('summary') or name,
keywords=release.get('keywords', ''),
- title=name + " " +version,
requires=values('requires'),
provides=values('provides'),
obsoletes=values('obsoletes'),
From techtonik at gmail.com Thu Jun 30 19:26:57 2011
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 30 Jun 2011 20:26:57 +0300
Subject: [Catalog-sig] Tab Title customization and Tal to Django/Jinja
transition
In-Reply-To: <BANLkTinUqCn_1MKpD3wqLOx+FneVaQQKVA@mail.gmail.com>
References: <BANLkTik5PURsjjufC+VdL2zgiCOKobA=Nw@mail.gmail.com>
<4E0B7C2E.502@simplistix.co.uk>
<BANLkTinwxB__n6qcuYibaivXsVi3HGGS5w@mail.gmail.com>
<4E0B9F1F.8060209@simplistix.co.uk>
<BANLkTinUqCn_1MKpD3wqLOx+FneVaQQKVA@mail.gmail.com>
Message-ID: <BANLkTinZwCitHLnAHDXLvy=qTWqTA0zsjA@mail.gmail.com>
On Thu, Jun 30, 2011 at 1:00 AM, Daniel Greenfeld <pydanny at gmail.com> wrote:
> I'm just going to have to +1,000,000 Chris Withers on everything he says here.
Chris, can you promise to give me +1$ if I buy you a beer? =)
> I see ABSOLUTELY no reason to redo PyPI just because of one person
> doesn't like how titles and urls are done.
Me too. Redoing PyPI is ABSOLUTELY useless waste of time regardless of
urls and titles.
> I'm also really leery about hosting it on GAE. That locks PyPI into
> one vendor and a proprietary toolset. The inner workings of GAE are
> the domain of Google and I would like to think that the main package
> repo for Python be 100% open source.
The trick is make application that runs on GAE IN ADDITION to running
standalone or on a separate own server. I've heard that it can be
easily achieved with Django + django-nonrel, but I don't have
experience. Maybe it will be necessary to switch to MongoDB from
PostreSQL/MySQL.
> FWIW, Anatoly, there are numerous PyPI clones in Django already. You
> are smart. Why not use http://djangopackages.com/packages/p/chishop/
> or one of its forks. Then alter it to suit your needs.
Alpha. No demo site. Two years without releases. But seems active. It
would be extremely useful to see a comparison of these or at least a
short review from those who are familiar with
http://wiki.python.org/moin/PyPiImplementations And the main problem
that I am forced to use PyPI, because it is the only server where
people can find and download my released packages.
--
anatoly t.