Re: [Distutils] README file format and pypi.python.org

2013-09-22 Thread Chris Jerdonek
On Sun, Sep 22, 2013 at 2:15 PM, PJ Eby  wrote:
> On Sun, Sep 22, 2013 at 9:01 AM, Paul G.  wrote:
>> 1. What format should I use in my README.txt file for my package's content
>> to be displayed on its package page?
>
> It's not the README file; it's the package's "long_description"
> keyword, as specified in your setup.py setup() call.  And the format
> is reStructuredText

For the record, the Python documentation covers this aspect of PyPI:

http://docs.python.org/distutils/packageindex.html#pypi-package-display

It also includes some troubleshooting info.  However, it doesn't
include anything about PyPI reading README.rst, etc if
long_description isn't available (which maybe should be added).

--Chris
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] README file format and pypi.python.org

2013-09-22 Thread Donald Stufft

On Sep 22, 2013, at 5:15 PM, PJ Eby  wrote:

> On Sun, Sep 22, 2013 at 9:01 AM, Paul G.  wrote:
>> 1. What format should I use in my README.txt file for my package's content
>> to be displayed on its package page?
> 
> It's not the README file; it's the package's "long_description"
> keyword, as specified in your setup.py setup() call.  And the format
> is reStructuredText
> 
>> 2. Do I have to use a different extension for the README?
> 
> It doesn't matter, since the README is not read by PyPI.  (You can put
> code in your setup.py to read the file into the long_description
> field, though.  Take a look at other packages' setup.py files to see
> how they do it.)

Oops, I missed this, in some cases PyPI will read a README.rst
(maybe a .txt too), typically if a long_description is not available.

-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA


Re: [Distutils] README file format and pypi.python.org

2013-09-22 Thread PJ Eby
On Sun, Sep 22, 2013 at 9:01 AM, Paul G.  wrote:
> 1. What format should I use in my README.txt file for my package's content
> to be displayed on its package page?

It's not the README file; it's the package's "long_description"
keyword, as specified in your setup.py setup() call.  And the format
is reStructuredText

> 2. Do I have to use a different extension for the README?

It doesn't matter, since the README is not read by PyPI.  (You can put
code in your setup.py to read the file into the long_description
field, though.  Take a look at other packages' setup.py files to see
how they do it.)


[Distutils] README file format and pypi.python.org

2013-09-22 Thread Paul G.
Hi everyone,

While playing around with packaging using Distutils2-py3, I created a package
called PyIdGen https://pypi.python.org/pypi/PyIdGen and added README.txt file.

I have seen that some packages have their documentation embedded into the
packages' corresponding package pages @ pypi.python.org.
For example, the 'py-postgresql 1.1.0' module @
'https://pypi.python.org/pypi/py-postgresql/1.1.0' has its documentation on its
package page.

A few questions:
1. What format should I use in my README.txt file for my package's content to be
displayed on its package page?
2. Do I have to use a different extension for the README?

Regards,
Paul G.


Re: [Distutils] has_security_fixes flag in PyPI

2013-09-22 Thread Dariusz Suchojad
On 09/21/2013 04:51 PM, Donald Stufft wrote:

> Any changes to PyPI would require the projects themselves to flag a
> security issue which won't always happen. A third party project allows a
> neutral party to handle this.

One thing I don't fully get is how victi.ms - or any third party -
collects information regarding the vulnerabilities?

I understand there would be two sources of information?

- public vulnerability databases
- data submitted by package maintainers themselves (this would have to
be routed to a third party somehow)

> Also as Nick said PyPI itself is mostly in a holding pattern while a 2.0
> is being phased in, new features *are* possible but they are all weighed
> against the amount of effort it will take (x2).

Sure, I understand it now.

cheers,

-- 
Dariusz Suchojad

https://zato.io
ESB, SOA and cloud integrations in Python


Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-22 Thread Trishank Karthik Kuppusamy

On 9/21/13 9:09 PM, Donald Stufft wrote:
> On Sep 21, 2013, at 8:47 PM, Vladimir Diaz wrote:
>> What about a precompiled Python extension?  Bundling wheels?
>
> The problem is when pip has a dependency on something and someone
> accidentally uninstalls that dependency it leaves pip in a broken state.
> Additionally pip uses itself to bootstrap itself so any extra dependency
> is something else the user has to install prior to bootstrapping pip.
> Dependencies can be "inlined" inside of pip to work around this issue.
>
> Then we come to the compiled code problem. Pip currently should work on
> any Python interpreter and not just CPython. PyPy for instance does not
> support the C API very well and there's a good chance that using C code
> without using something like CFFI, however using something like CFFI
> breaks the first rule. Adding C code into the pip repository also has
> some other problems related to Windows installation.

All very valid points, and we do not disagree.

> Does TUF require the use of RSA? I've never found a pure Python RSA
> implementation that I would personally trust. It's one of the major
> reasons when I was planning out some ideas for a signing system my plan
> was to use ed25519 (http://ed25519.cr.yp.to/). It's a fast deterministic
> signature scheme that has a pure python implementation (~100 lines of
> code) written by DJB. Additionally the public keys are very small (32
> bytes). Additionally there's lib sodium (which I've wrapped in PyNaCl)
> which implements ed25519 in high performance C code (which PyNaCl makes
> available in Python).

No, nothing about TUF mandates RSA. ed25519 certainly sounds
interesting, and we will consider it when we review our cryptography. As
you said, it is important that our "read-only" cryptography is in pure
Python for best portability. Let us get back to you on this matter.


In the meantime, we will also get in touch with you about Warehouse.

Thanks,
Trishank
