Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-14 Thread Daniel Holth
Well, you can build eggs with Bento, and I have a patch that allows it to build wheels, in both cases it will produce pip-compatible metadata. The Bento author has his own informed opinions about the way packaging should work which do not necessarily include the packaging PEPs. ___

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-14 Thread Paul Moore
On 14 November 2012 12:04, Daniel Holth wrote: > That has been tried already (setuptools, distribute, distutils2). Instead, > try bento (http://cournape.github.com/Bento/). > > Hilariously everyone I've showed it to is immediately put off by the > indentation based syntax (who would use such a th

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-14 Thread Daniel Holth
On Nov 14, 2012, at 2:23 AM, Ronald Oussoren wrote: > > On 13 Nov, 2012, at 17:21, Antoine Pitrou wrote: > >> Le Tue, 13 Nov 2012 16:10:30 +0100, >> Ronald Oussoren a écrit : >>> >>> On 13 Nov, 2012, at 16:00, Daniel Holth wrote: I want to remove distutils from the standard libra

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-13 Thread Daniel Holth
The signatures section is now just: +If JSON web signatures are used, one or more JSON Web Signature JSON +Serialization (JWS-JS) signatures may be stored in a file RECORD.jws +adjacent to RECORD. JWS is used to sign RECORD by including the SHA-256 +hash of RECORD as the JWS payload:: { "ha

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-13 Thread Ronald Oussoren
On 13 Nov, 2012, at 16:00, Daniel Holth wrote: > > I want to remove distutils from the standard library. Why? Distutils may not be perfect, but is usable for basic packages. It could even be enhanced to support these peps and be even more useable, although patches for that would run into the

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-13 Thread Dirkjan Ochtman
On Tue, Nov 13, 2012 at 4:00 PM, Daniel Holth wrote: > I'm willing to go ahead and move any mention of signing algorithms into a > separate PEP, leaving only the basic manifest hash vs. file contents > verification under the auspices of this PEP. >From the discussion so far, that seems like the s

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-13 Thread Daniel Holth
On Tue, Nov 13, 2012 at 5:26 AM, M.-A. Lemburg wrote: > On 13.11.2012 10:51, "Martin v. Löwis" wrote: > > Am 13.11.12 03:04, schrieb Nick Coghlan: > >> On Mon, Oct 29, 2012 at 4:47 AM, Daniel Holth >> > wrote: > >> > >> I think Metadata 1.3 is done. Who would like to

Re: [Python-Dev] [Distutils] [Catalog-sig] accept the wheel PEPs 425, 426, 427

2012-11-13 Thread Paul Moore
On 13 November 2012 10:26, M.-A. Lemburg wrote: > I agree with Martin. If the point is to "to protect against cryptography > that is not used", then not using the de-facto standard in signing > open source distribution files, which today is PGP/GPG, misses that > point :-) > I agree as well. For