[Distutils] Multiple package authors
Wes Turner
wes.turner at gmail.com
Thu Dec 7 13:17:28 EST 2017

There are author-email and maintainer-email fields.

You could also or instead use a mailing list address for the author-email
or maintainer-email fields. Newlines work (just like file\nnames)?

With a mailing list, package maintainers can share responsibility (*) and
hand off correspondence without forwards and indentation.

Google Groups is free; are there alternatives:
https://support.google.com/groups/answer/2464926

You can use a third party service to create e.g. GitHub or GitLab issues
via email; however, security sensitive information (vulnerabilities,
credentials, personal information) may require additional caution and
admonitions.

If not otherwise specified in the long description, presumably the
author-email and/or maintainer-email address(es) are the correct place to
send fair disclosure information.

This could be a separate thread/issue and an additional package metadata
field maybe for Package Metadata 1.3? Sorry, a BIT OT.

security-email?

On Thursday, December 7, 2017, Barry Warsaw <barry at python.org> wrote:
> I think I implicitly knew this, but as I've just released a package (to
> be announced soon) that actually has multiple authors, I found out first
> hand that PyPI rejects uploads where the author-email field isn't a
> completely valid email address, and that there is no support for
> multiple author emails.
>
> As it turns out, you can kludge this into your pyproject.toml or
> setup.py file. flit for example separates multiple emails with a
> newline, but you could also separate them with commas. You don't notice
> the problem until PyPI rejects the upload (with a 400 IIRC).
>
> I filed this issue with flit: https://github.com/takluyver/flit/issues/153
>
> It looks like Thomas agrees that at least flit will eventually validate
> its fields so you error early. It was a bit of a PITA to do my upload
> because I didn't notice the problem until after I'd tagged the repo.
>
> Multiple package authors doesn't seem like that fringe of a use case;
> are there any plans, documents, PEPs, musings, grumbles about supporting
> multiple package authors explicitly?
>
> Cheers,
> -Barry