[Distutils] option #1 plus download_url scraping

Donald Stufft donald at stufft.io
Wed Jun 5 20:47:58 CEST 2013


On Jun 5, 2013, at 1:49 PM, Barry Warsaw <barry at python.org> wrote:

> On Jun 05, 2013, at 12:16 PM, Donald Stufft wrote:
> 
>> Where are you updating the version information at? And how are you generating
>> a tarball so that its name has the correct version in it?
> 
> It depends on the package, but let's say it's in a version.txt file.  Your
> implication is correct though - if setup.py is parsing that file to calculate
> the version key, it can also do the same and calculate the download_url value.
> 
> -Barry

I'm really just trying to get a sense of your workflow to see if I can make any changes to improve the process for it.

One of the big problems with download_url is that the data in setup.py is used in (and influences the content of) the final dist file. This means that inside of a setup.py you won't know what the hash of the final file is. So it's difficult for a setup.py-based workflow with external URLs to provide md5 sums for the files, which means that pip and friends can't verify that nobody modified the download in transit.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
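
The circularity described in the message above, as an added example that is not part of the original post: setup.py is packed into the archive, so any hash written into setup.py changes the archive's hash, and the hash has to be published out of band instead. The package name, the `downloads.example.invalid` URL, the helper names and the use of a `#sha256=` link fragment (the message speaks of md5 sums) are assumptions made for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample setup.py; the URL and package name are placeholders.
SETUP_TEMPLATE = (
    "from distutils.core import setup\n"
    "setup(name='example', version='1.0', download_url="
    "'https://downloads.example.invalid/example-1.0.tar.gz#sha256={digest}')\n"
)
ALLOWED_ALGORITHMS = ("md5", "sha256")

def build_sdist(setup_py: str) -> bytes:
    """Build a deterministic in-memory tarball that contains only setup.py."""
    data = setup_py.encode()
    info = tarfile.TarInfo("example-1.0/setup.py")
    info.size = len(data)
    info.mtime = 0  # fixed, so identical input always yields identical bytes
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def embed_own_hash(rounds: int = 5):
    """Repeatedly write the archive's hash into setup.py and rebuild."""
    claimed, history = "0" * 64, []
    for _ in range(rounds):
        archive = build_sdist(SETUP_TEMPLATE.format(digest=claimed))
        actual = hashlib.sha256(archive).hexdigest()
        history.append((claimed, actual))  # what setup.py says vs. the truth
        claimed = actual  # "fix" setup.py, which changes the archive again
    return history

def verify_download(data: bytes, url: str) -> bool:
    """Check downloaded bytes against the hash fragment of the link."""
    fragment = url.partition("#")[2]
    algo, _, expected = fragment.partition("=")
    if algo not in ALLOWED_ALGORITHMS or not expected:
        return False  # no usable hash on the link: nothing to verify against
    return hashlib.new(algo, data).hexdigest() == expected.lower()

if __name__ == "__main__":
    for claimed, actual in embed_own_hash():
        print(claimed[:12], "!=", actual[:12])
```

The hash only becomes usable once it is computed after the build and attached to the link by whoever publishes it, which is the step a setup.py-only workflow has no place for.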
