[Catalog-sig] API for uploading packages to PyPI

[Ronald Oussoren]

On 22 Mar, 2013, at 9:58, anatoly techtonik <techtonik at gmail.com> wrote:

> On Fri, Mar 22, 2013 at 11:16 AM, Ronald Oussoren <ronaldoussoren at mac.com> wrote:
> 
> On 22 Mar, 2013, at 8:37, anatoly techtonik <techtonik at gmail.com> wrote:
> 
>> Hi,
>> 
>> I understand that this will make PyPI a potential target for automated spam bots, but still it will be awesome to have an API to upload packages to PyPI.
>> 
>> For example, I have a code that extract all necessary meta data for the package from the source file itself. It is even able to generate setup.py from this data. https://bitbucket.org/techtonik/astdump The next logical step in this chain is to teach it to upload stuff to PyPI.
>> 
>> Now I thought that this setup.py is an unnecessary complication. What I need, ideally is just upload single .py file, or a JSON and a .tar.gz FWIW. Is there a straightforward API for things like that? 
> 
> Several APIs are documented on pages linked directly from the PyPI homepage (the Infrastructure box)
> 
> Thanks for the pointer.
> 
> Some links are broken. I added redirects for wiki pages, but it will be better to fix links too.
The OAuth link appears to be broken, and that's likely part of the fallout of the wiki.python.org breakin.

> https://bitbucket.org/loewis/pypi/pull-request/4
> 
> Among those it seems that only OAuth API can be used to upload stuff.

I haven't looked at the code yet, but that's unlikely as distutils uses the HTTP API to upload files and AFAIK distutils doesn't implement OAuth.   IIRC OAuth was added fairly recently to make it possible for users to delegate some permissions to external web applications (such as pythonpackages.com) without storing their password in those applications.

Ronald

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130322/e046e330/attachment.html>