[Distutils] PEP 503 - Simple Repository API

Donald Stufft donald at stufft.io
Thu Sep 24 18:03:36 CEST 2015


On September 7, 2015 at 9:38:00 PM, Donald Stufft (donald at stufft.io) wrote:
> I'm OK with adding the attribute to links, though we should still mandate the
> location. Neither pip nor setuptools will do anything with the PGP signatures
> but some other tooling might. The legacy behavior of "just try the link" will
> still work then, and if someone wants to do it more efficiently the attribute
> is there. I'm not sure it's going to be generally useful since the signing on
> PyPI doesn't really have a coherent threat model so it doesn't really protect
> against much.

I’ve gone ahead and done this (see https://hg.python.org/peps/rev/9090e66cc8c7).

I’m going to go ahead and accept this PEP now. I think any further modifications are going to go too far beyond the goal of documenting the current state of the API and would require PEPs in their own right.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



