-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PEP 480: Fix status, author, discuss, reference
Move from Deferred to Draft status, update discussion venue and author list, and fix an obsolete reference to Distutils. Signed-off-by: Sumana Harihareswara <[email protected]>
- Loading branch information
Showing
1 changed file
with
19 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,10 +4,10 @@ Version: $Revision$ | |
| Last-Modified: $Date$ | ||
| Author: Trishank Karthik Kuppusamy <[email protected]>, | ||
| Vladimir Diaz <[email protected]>, | ||
| Justin Cappos <[email protected]> | ||
| BDFL-Delegate: Richard Jones <r1chardj0n3s@gmail.com> | ||
| Discussions-To: DistUtils mailing list <distutils-sig@python.org> | ||
| Status: Deferred | ||
| Justin Cappos <[email protected]>, Marina Moore <[email protected]> | ||
| BDFL-Delegate: Paul Moore <p.f.moore@gmail.com> | ||
| Discussions-To: Packaging category on Python Discourse <https://discuss.python.org/c/packaging> | ||
| Status: Draft | ||
| Type: Standards Track | ||
| Content-Type: text/x-rst | ||
| Requires: 458 | ||
|
|
@@ -56,8 +56,12 @@ distributions. | |
| PEP Status | ||
| ========== | ||
|
|
||
| Due to the amount of work required to implement this PEP, it is deferred until | ||
| appropriate funding can be secured to implement the PEP. | ||
| The community discussed this PEP from 2014 to 2018. Due to the amount | ||
| of work required to implement this PEP, discussion was deferred until | ||
| after approval for the precursor step in PEP 458. As of mid-2020 PEP | ||
| 458 is approved and implementation is in progress, and the PEP authors | ||
| aim to gain approval so they can secure appropriate funding for | ||
| implementation. | ||
|
|
||
|
|
||
| Rationale | ||
|
|
@@ -276,7 +280,7 @@ Files, and Key Management) cover the cryptographic components of the developer | |
| release process. That is, which key type PyPI supports, how keys may be | ||
| stored, and how keys may be generated. The two subsections that follow the | ||
| first three discuss the PyPI modules that SHOULD be modified to support TUF | ||
| metadata. For example, Twine and Distutils are two projects that SHOULD be | ||
| metadata. For example, Twine and Distlib are two projects that SHOULD be | ||
| modified. Finally, the last subsection goes over the automated key management | ||
| and signing solution that is RECOMMENDED for the signing tools. | ||
|
|
||
|
|
@@ -341,14 +345,15 @@ distributions, and prevents MITM attacks on usernames and passwords. | |
| __ https://github.com/pypa/twine | ||
|
|
||
|
|
||
| Distutils | ||
| --------- | ||
| Distlib | ||
| ------- | ||
|
|
||
| `Distutils`__ MAY be modified to sign metadata and to upload signed distributions | ||
| to PyPI. Distutils comes packaged with CPython and is the most widely-used | ||
| tool for uploading distributions to PyPI. | ||
| `Distlib`__ MAY be modified to sign metadata and to upload signed | ||
| distributions to PyPI. Distlib is a library which implements | ||
| low-level functions that relate to packaging and publication of | ||
| Python software, including uploading distributions to PyPI. | ||
|
|
||
| __ https://docs.python.org/2/distutils/index.html#distutils-index | ||
| __ https://packaging.python.org/key_projects/#distlib | ||
|
|
||
|
|
||
| Automated Signing Solution | ||
|
|
@@ -410,7 +415,7 @@ management is preferred (e.g., ssh-copy-id). | |
|
|
||
| The `repository`__ and `developer`__ TUF tools currently support all of the | ||
| recommendations previously mentioned, except for the automated signing | ||
| solution, which SHOULD be added to Distutils, Twine, and other third-party | ||
| solution, which SHOULD be added to Distlib, Twine, and other third-party | ||
| signing tools. The automated signing solution calls available repository tool | ||
| functions to sign metadata and to generate the cryptographic key files. | ||
|
|
||
|
|
||