Looks like a good proposal. Regards, Poorvi Rohidekar
On Wed, 26 Jun 2024 at 00:28, Aritra Basu <aritrabasu1...@gmail.com> wrote: > Agreed, overall sounds like a positive change. Don't see any issues with it > -- > Regards, > Aritra Basu > > On Tue, Jun 25, 2024, 10:28 PM Ferruzzi, Dennis > <ferru...@amazon.com.invalid> > wrote: > > > Sounds good, I don't see a down side and "supply chain security" has been > > a big concern lately. > > > > > > - ferruzzi > > > > > > ________________________________ > > From: Wei Lee <weilee...@gmail.com> > > Sent: Tuesday, June 25, 2024 8:07 AM > > To: dev@airflow.apache.org > > Subject: RE: [EXT] [PROPOSAL] Use Trusted Publishing workflow for Airflow > > releases to PyPI > > > > CAUTION: This email originated from outside of the organization. Do not > > click links or open attachments unless you can confirm the sender and > know > > the content is safe. > > > > > > > > AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. > > Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne > pouvez > > pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain > que > > le contenu ne présente aucun risque. > > > > > > > > This proposal is great! PyPI security has been valued a lot these days. > > Glad we're also joining. > > > > Best, > > Wei > > > > > On Jun 25, 2024, at 8:01 PM, Jarek Potiuk <ja...@potiuk.com> wrote: > > > > > > Yes and no :) > > > > > > We publish alpha/betas - yes. No change there. But for RCs what we > > publish > > > in SVN currently are the packages that are built fro RC tag but without > > rc > > > suffix - so that when they pass the voting we upload them to PyPI > without > > > regenerating them (RC becomes final). > > > > > > But we do not publish the PYPI RCs - since PYPI uploads are immutable, > we > > > need to publish PYPI RCs with the rc suffixes. So far we just generated > > > them and published to PyPI for testing but we did not upload them to > SVN. > > > > > > > > > So if we want to pull RCs from SVN - we need to upload there both: the > RC > > > version for PyPI (with RC suffix) and the no-suffix candidate that > might > > > become the final version once voted. > > > > > > J > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org > > For additional commands, e-mail: dev-h...@airflow.apache.org > > > > >
