[Distutils] Making a wheel platform-specific?
Donald Stufft
donald at stufft.io
Tue Oct 28 15:04:17 CET 2014
> On Oct 28, 2014, at 9:43 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:
>
>> I think twine can do that for you (and is generally recommended these
>> days over setup.py upload, as it uses https).
>
> setup.py upload also uses https these days, AFAIK.
Paul forgot an important word there, *verified* HTTPS.
It is true that recently Python switched the default from http:// to https://
however in any released version of Python it still does not *verify* that
when uploading. I believe that PEP 476 will change that but it’s not in any
released Python to my knowledge and even then it’s hard to tell people “Well
setup.py upload is safe, in these particular scenarios” when it’s hard to
declare exactly when those scenarios are (Python versions, but also some older
versions thanks to downstream back porting patches etc). It doesn’t help either
that the design of distutils doesn’t allow uploading an existing file so if
you, for instance, want to upload a Python 2.6 specific Wheel then that won’t
have PEP 476 and then something like twine is the only way forward.
All in all it’s easier to just say “don’t use that, use this instead” than to
explain when and why it’s ok to use that.
---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
More information about the Distutils-SIG
mailing list