[Distutils] Current Python packaging status (from my point of view)

Nick Coghlan ncoghlan at gmail.com
Wed Nov 2 10:40:38 EDT 2016


On 2 November 2016 at 03:05, Chris Barker <chris.barker at noaa.gov> wrote:
>> Adding a new Python release or a new platform to the build
>> configuration is currently an activity that requires per-project work
>> when in theory a build service could just add it automatically based
>> on when new releases happen.
>
> hmm -- maybe we could leverage gitHub, like conda-forge does -- Warehouse
> would actually push to a repo on gitHub that would then trigger the CI
> builds -- though the sure seems cleaner for Warehouse to call teh CIs
> directly.

GitHub's integration works the other way around - it emits
notifications when events (like new commits) happen, and folks can
register external service to receive those events and then authorize
them to act on them (e.g. by publishing a release, or commenting on a
pull request).

This is one of the real costs of the lack of funding for PyPI
development - we simply don't have those event notification and
service authorisation primitives built into the current platform, so
the only current way to automate things is to trust services with full
access to your PyPI account by providing your password to them (which
is a fundamentally bad idea, which is why we don't recommend it).

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia


More information about the Distutils-SIG mailing list