[Catalog-sig] PEP 438 implementation on testpypi
holger krekel
holger at merlinux.eu
Wed Mar 20 22:02:50 CET 2013
On Wed, Mar 20, 2013 at 21:27 +0100, M.-A. Lemburg wrote:
> On 20.03.2013 21:16, Richard Jones wrote:
> > On 20 March 2013 12:31, M.-A. Lemburg <mal at egenix.com> wrote:
> >> * I'm missing an option:
> >>
> >> [ ] Ask tools to scrape only the Download URL.
> >
> > This is not part of the planned implementation. The download_url was
> > never well-specified, and only allows for one URL, hence the
> > implementation we have.
>
> I know it's not in PEP 438 at the moment, but was one of the
> nits I mentioned to Holger last week. It's specified in the
> meta-data format 1.1 as "A string containing the URL from
> which this version of the package can be downloaded.":
>
> http://www.python.org/dev/peps/pep-0314/
>
> Having such an option would allow cleaning up the /simple/
> index pages a lot, without any changes on the tools side.
>
> It would also be needed for the my proposal of securing
> external downloads, where you point to a hashed download
> page with the download_url.
I think it's better to just go for a tool which a maintainer can
use to register external urls (with hashes) from crawling and scraping
links once from an external page. This way client installers worldwide
do not need to visit and scrape that external page just to obtain
release file links. As you have mostly automated your release process
do you foresee any issues with adding an automated step of registering
externals and putting your package hosting mode to "pypi-explicit"?
holger
> >> * Would it be possible to add a link to the corresponding
> >> /simple/ index page on the package menu (the one with files,
> >> urls, etc.) ?
> >
> > I guess this could be added, yes.
>
> Great.
>
> >> * Could you add a link to the PKG-INFO file from
> >> pypi?:action=display_pkginfo to the /simple/ page as
> >> <version>-PKG-INFO (to match the other links) ?
> >
> > We could think about it - what's the use-case?
>
> This would allow tools to easily and safely access meta-data
> of a package release without downloading, extracting and
> running the release files' setup.py.
> --
> Marc-Andre Lemburg
> eGenix.com
>
> Professional Python Services directly from the Source (#1, Mar 20 2013)
> >>> Python Projects, Consulting and Support ... http://www.egenix.com/
> >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
> ________________________________________________________________________
> 2013-03-13: Released eGenix pyOpenSSL 0.13 ... http://egenix.com/go39
>
> ::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
>
> eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> Registered at Amtsgericht Duesseldorf: HRB 46611
> http://www.egenix.com/company/contact/
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
More information about the Catalog-SIG
mailing list