subject:"\[Distutils\] Closing the Delete File \+ Re\-upload File Loophole."

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

2015-02-02 Thread Xavier Fernandez

Not sure if it fits your bill (or if it works, since I did not know how
testpypi) but you can put something like that in your .pypirc:

[distutils]
index-servers =
pypi
testpypi

[pypi]
username:public_pypi_login_if_needed
password:public_pypi_password_if_needed

[testpypi]
repository:https://testpypi.python.org
username:testpypi_login
password:testpypi_password

And specify which repository to use when registering/uploading via the
--repository (-r) option.


On Mon, Feb 2, 2015 at 11:10 PM, Erik Bray  wrote:

> On Sat, Jan 24, 2015 at 1:53 PM, Marc Abramowitz 
> wrote:
> >> You can re-run register as many times as you want which is all you need
> to adjust the README.
> >
> > Maybe true but it would be pretty awesome to solve
> https://bitbucket.org/pypa/pypi/issue/161/rest-formatting-fails-and-there-is-no-way
> because repeatedly registering and doing trial and error is also not a
> great experience and it wastes PyPI resources.
>
> I usually register on testpypi.python.org to assuage this fear.
> Granted it's a little annoying to do, because last I checked the only
> way to do this (may this is has been fixed--someone can correct me) is
> to change your .pypirc with credentials to testpypi.
>
> Has .pypirc been done away with yet?
>
> Erik
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

2015-02-02 Thread Erik Bray

On Sat, Jan 24, 2015 at 1:53 PM, Marc Abramowitz  wrote:
>> You can re-run register as many times as you want which is all you need to 
>> adjust the README.
>
> Maybe true but it would be pretty awesome to solve 
> https://bitbucket.org/pypa/pypi/issue/161/rest-formatting-fails-and-there-is-no-way
>  because repeatedly registering and doing trial and error is also not a great 
> experience and it wastes PyPI resources.

I usually register on testpypi.python.org to assuage this fear.
Granted it's a little annoying to do, because last I checked the only
way to do this (may this is has been fixed--someone can correct me) is
to change your .pypirc with credentials to testpypi.

Has .pypirc been done away with yet?

Erik
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

2015-01-24 Thread Marc Abramowitz

> You can re-run register as many times as you want which is all you need to 
> adjust the README.

Maybe true but it would be pretty awesome to solve 
https://bitbucket.org/pypa/pypi/issue/161/rest-formatting-fails-and-there-is-no-way
 because repeatedly registering and doing trial and error is also not a great 
experience and it wastes PyPI resources. 


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

2015-01-24 Thread Ian Cordasco

On Sat, Jan 24, 2015 at 11:38 AM, Donald Stufft  wrote:
>
> On Jan 24, 2015, at 12:37 PM, John Anderson  wrote:
>
>
>
> On Saturday, January 24, 2015, Donald Stufft  wrote:
>>
>> I've pushed changes to PyPI where it is no longer possible to reuse a
>> filename
>> and attempting to do it will give an 400 error that says:
>>
>> This filename has previously been used, you should use a different
>> version.
>>
>> This does NOT prevent authors from being allowed to delete files from
>> PyPI,
>> however if a file is deleted from PyPI it cannot be re-uploaded again.
>> This
>> means that if you upload say foobar-1.0.tar.gz, and your 1.0 has a mistake
>> in
>> it then you *must* issue a new release to correct it.
>>
>> ---
>> Donald Stufft
>> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>>
>
> My only concern is that there is no reliable way to test that your README
> will be parsed correctly. Is there a timeline for switch it to use
> https://github.com/pypa/readme?
>
> I would say majority of the time I do a release of the same version it's
> because of the fragile rst parsing.
>
> If I have to run the risk of bumping versions just to fix a valid
> restructured text document to fit pypi parsing it'll make releasing a very
> stressful experience.
>
>
> You can re-run register as many times as you want which is all you need to
> adjust the README.
>
> ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>
>
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>

.post{N} releases are also a good way of fixing this in the package
(assuming you want the most current and correct version of the README
to be what the user downloads). The .post{N} part of PEP440 is
semantically for build errors in a package where no other changes to
the package have been made. I think this qualifies as a use case.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

2015-01-24 Thread Donald Stufft


> On Jan 24, 2015, at 12:37 PM, John Anderson  wrote:
> 
> 
> 
> On Saturday, January 24, 2015, Donald Stufft  > wrote:
> I've pushed changes to PyPI where it is no longer possible to reuse a filename
> and attempting to do it will give an 400 error that says:
> 
> This filename has previously been used, you should use a different 
> version.
> 
> This does NOT prevent authors from being allowed to delete files from PyPI,
> however if a file is deleted from PyPI it cannot be re-uploaded again. This
> means that if you upload say foobar-1.0.tar.gz, and your 1.0 has a mistake in
> it then you *must* issue a new release to correct it.
> 
> ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 
>  
> My only concern is that there is no reliable way to test that your README 
> will be parsed correctly. Is there a timeline for switch it to use 
> https://github.com/pypa/readme ?
> 
> I would say majority of the time I do a release of the same version it's 
> because of the fragile rst parsing.
> 
> If I have to run the risk of bumping versions just to fix a valid 
> restructured text document to fit pypi parsing it'll make releasing a very 
> stressful experience. 
> 

You can re-run register as many times as you want which is all you need to 
adjust the README.

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

2015-01-24 Thread John Anderson

On Saturday, January 24, 2015, Donald Stufft  wrote:

> I've pushed changes to PyPI where it is no longer possible to reuse a
> filename
> and attempting to do it will give an 400 error that says:
>
> This filename has previously been used, you should use a different
> version.
>
> This does NOT prevent authors from being allowed to delete files from PyPI,
> however if a file is deleted from PyPI it cannot be re-uploaded again. This
> means that if you upload say foobar-1.0.tar.gz, and your 1.0 has a mistake
> in
> it then you *must* issue a new release to correct it.
>
> ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>
>
My only concern is that there is no reliable way to test that your README
will be parsed correctly. Is there a timeline for switch it to use
https://github.com/pypa/readme?

I would say majority of the time I do a release of the same version it's
because of the fragile rst parsing.

If I have to run the risk of bumping versions just to fix a valid
restructured text document to fit pypi parsing it'll make releasing a very
stressful experience.



> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org 
> https://mail.python.org/mailman/listinfo/distutils-sig
>
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

[Distutils] Closing the Delete File + Re-upload File Loophole.

2015-01-24 Thread Donald Stufft

I've pushed changes to PyPI where it is no longer possible to reuse a filename
and attempting to do it will give an 400 error that says:

This filename has previously been used, you should use a different version.

This does NOT prevent authors from being allowed to delete files from PyPI,
however if a file is deleted from PyPI it cannot be re-uploaded again. This
means that if you upload say foobar-1.0.tar.gz, and your 1.0 has a mistake in
it then you *must* issue a new release to correct it.

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

Re: [Distutils] Closing the Delete File + Re-upload File Loophole.

[Distutils] Closing the Delete File + Re-upload File Loophole.

7 matches

Site Navigation

Mail list logo

Footer information