On Nov 14, 2012, at 2:23 AM, Ronald Oussoren ronaldousso...@mac.com wrote:
On 13 Nov, 2012, at 17:21, Antoine Pitrou solip...@pitrou.net wrote:
Le Tue, 13 Nov 2012 16:10:30 +0100,
Ronald Oussoren ronaldousso...@mac.com a écrit :
On 13 Nov, 2012, at 16:00, Daniel Holth dho...@gmail.com
On 14 November 2012 12:04, Daniel Holth dho...@gmail.com wrote:
That has been tried already (setuptools, distribute, distutils2). Instead,
try bento (http://cournape.github.com/Bento/).
Hilariously everyone I've showed it to is immediately put off by the
indentation based syntax (who would
Well, you can build eggs with Bento, and I have a patch that allows it to
build wheels, in both cases it will produce pip-compatible metadata. The
Bento author has his own informed opinions about the way packaging should
work which do not necessarily include the packaging PEPs.
On 13 November 2012 10:26, M.-A. Lemburg m...@egenix.com wrote:
I agree with Martin. If the point is to to protect against cryptography
that is not used, then not using the de-facto standard in signing
open source distribution files, which today is PGP/GPG, misses that
point :-)
I agree as
On Tue, Nov 13, 2012 at 5:26 AM, M.-A. Lemburg m...@egenix.com wrote:
On 13.11.2012 10:51, Martin v. Löwis wrote:
Am 13.11.12 03:04, schrieb Nick Coghlan:
On Mon, Oct 29, 2012 at 4:47 AM, Daniel Holth dho...@gmail.com
mailto:dho...@gmail.com wrote:
I think Metadata 1.3 is done. Who
On Tue, Nov 13, 2012 at 4:00 PM, Daniel Holth dho...@gmail.com wrote:
I'm willing to go ahead and move any mention of signing algorithms into a
separate PEP, leaving only the basic manifest hash vs. file contents
verification under the auspices of this PEP.
From the discussion so far, that
On 13 Nov, 2012, at 16:00, Daniel Holth dho...@gmail.com wrote:
I want to remove distutils from the standard library.
Why? Distutils may not be perfect, but is usable for basic packages. It could
even be enhanced to support these peps and be even more useable, although
patches for that
The signatures section is now just:
+If JSON web signatures are used, one or more JSON Web Signature JSON
+Serialization (JWS-JS) signatures may be stored in a file RECORD.jws
+adjacent to RECORD. JWS is used to sign RECORD by including the SHA-256
+hash of RECORD as the JWS payload::
{