[Distutils] option #1 plus download_url scraping
Barry Warsaw
barry at python.org
Wed Jun 5 21:11:14 CEST 2013
On Jun 05, 2013, at 02:47 PM, Donald Stufft wrote:
>I'm really just trying to get a sense of your workflow to see if I can make
>any changes to improve the process for it.
>
>One of the big problems with download_url is that the data in setup.py is
>used in (and influences the content of) the final dist file. This means that
>inside of a setup.py you won't know what the hash of the final file is. So
>it's difficult for a setup.py based workflow with external urls to provide
>md5 sums for the files which means that pip and friends can't verify that no
>body modified the download in transit.
Let me explain what I (used to) do, and I'll let you decide whether anything
needs to change. ;)
When I've finally got my vcs into a releasable state, I'll generally do:
$ python setup.py sdist upload -s
As you know, this will create the tarball and signature file in dist, and
upload everything nicely to the Cheeseshop. At this point, I go to my
project's Launchpad page and push the big "I made a release" button. This
fiddles some state on my project page, and it allows me to upload files
attached to that particular release. The nice thing is that I can just upload
the dist/*.tar.gz and dist/*.asc to add the tarball and signature to the
Launchpad download page. E.g.
https://launchpad.net/flufl.enum
and
https://launchpad.net/flufl.enum/+download
The url is predictable (which is good because it also has to play nicely with
Debian watch files), with option #3, I just added the index page to
download_url and let clients scrape it. You'll see that it contains links to
the md5 checksum and the locally generated signature.
There must be some value to also allowing folks to download from Launchpad, as
shown by the 1055 downloads of flufl.enum. Where are the PyPI download stats?
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130605/e6527d40/attachment.pgp>
More information about the Distutils-SIG
mailing list