[Catalog-sig] pythonpackages.com beta security
aclark at aclark.net
Fri Jul 20 18:37:30 CEST 2012
On 7/20/12 2:38 AM, Richard Jones wrote:
> On 20 July 2012 15:43, Donald Stufft <donald.stufft at gmail.com> wrote:
>> On Friday, July 20, 2012 at 1:07 AM, Richard Jones wrote:
>> That's OAuth2, which is quite unlike the OAuth1(a) that we
>> implemented. You cannot do OAuth1 with just requests, as far as I'm
>> aware. There's no documentation for PyPI OAuth as we're still waiting
>> for it to be used by someone to prove its usefulness.
>> I haven't had a chance yet (doing a major refactor first), but there's
>> OAuth 1a support in the most recent versions of requests.
> Oh, nice! I'll see if I can find some time over the weekend to write
> up how to use that against the PyPI implementation.
Nice indeed! I'll take a look, too. Assuming I can get oauth1 going,
will that allow me to make releases on behalf of users? I'm not sure if
this is an oauth1 or 2 thing, but on GitHub you can choose which "scope"
you want your application to ask the user to grant to it:
So at the very least, I'd like my application to enable users to do the
equivalent of distutils' register and upload commands. The workflow
looks something like this:
- Create package via PasteScript-powered web form:
- Clone, develop code locally, and push
- Test the package release on pythonpackages.com via web form
  submissions that execute the following:
    $ python setup.py install
    $ python setup.py sdist upload -r http://index.pythonpackages.com
- Manually test the release locally via:
    $ pip install PACKAGE -i http://index.pythonpackages.com
- Release the package to PyPI via
    $ python setup.py register sdist upload
Alex Clark · http://pythonpackages.com/ONE_CLICK_RELEASE