[Catalog-sig] Fwd: Re: New pythonpackages.com service coming soon

Tarek Ziadé ziade.tarek at gmail.com
Mon Jan 23 00:37:24 CET 2012 

On Sun, Jan 22, 2012 at 12:57 P

>
>  Maybe there's a way to make
>> this more secure, like making session based authorization ? Or that's
>> what you planned maybe ?
>>
>
> I'm not sure what you mean, but I'm certainly planning lots of things for
> the future, assuming things go well. WRT to sessions the app currently uses
> Pyramid's auth_tkt policy, which configures a session for anyone that
> authorizes the app on github.com.
>

I meant giving a temporary access to my PyPI packages from within your
application when performing tasks, not a complete & permanent one where you
application could perform unwanted tasks at PyPI if the server gets hacked.

I am not sure how this could be done practically speaking, it depends on
the client UI.

Cheers
Tarek




>
>  Otherwise cool idea
>>
>
> Thanks
>
>
> Alex
>
> [1] http://lxc.sourceforge.net/
> [2] http://devcenter.heroku.com/**articles/config-vars#an_**example<http://devcenter.heroku.com/articles/config-vars#an_example>
>
>
>
>> Cheers
>> Tarek
>>
>> On Jan 22, 2012 9:04 AM, "Alex Clark" <aclark at aclark.net
>> <mailto:aclark at aclark.net>> wrote:
>>
>>    Folks,
>>
>>    I have created a new service aimed at making it easier to release
>>    Python packages to PyPI. The primary user is currently: me. And to
>>    date, I have only released a single package with it: Pillow (well,
>>    in fact I really only tested a portion of the release process with
>>    Pillow).
>>
>>    It works like this:
>>
>>    - I have created a "user" `pythonpackages` on PyPI
>>    - I have uploaded an ssh key [1].
>>    - I have added `pythonpackages` as a maintainer of `Pillow`.
>>    - You can imagine the rest (and if you can't, it's a secret for now.)
>>
>>    Now, I read the TOS very carefully before creating the
>>    `pythonpackages` "user". And there was nothing in it to indicate
>>    this action is anything other than "fair use". But I want to bring
>>    it to the attention of the PyPI maintainers now, in the event the
>>    service becomes popular later (I know at least I am planning to use
>>    it quite a bit. And we have ~70 beta users signed up to begin testing.)
>>
>>    The bottom line is: there is now a "user" on the PyPI called
>>    `pythonpackages` that is in fact not a user, but a website
>>    (pythonpackages.com <http://pythonpackages.com>). By adding the
>>
>>    "user" `pythonpackages` as a Maintainer to your package, you will be
>>    able to use the pythonpackages.com <http://pythonpackages.com>
>>
>>    service to automate your release process in some exciting capacity,
>>    to be revealed soon. This is just one aspect of the service I am
>>    building, but it is an important milestone that I wanted to share
>>    (for obvious reasons).
>>
>>    I welcome any comments/questions/concerns. It is my sincere hope
>>    that at the most, I am not offending anyone with my actions and at
>>    the least, I am not violating any terms or conditions that I don't
>>    know about.
>>
>>    Sincerely,
>>
>>
>>    Alex Clark
>>
>>
>>    [1] I am using pypissh, http://pythonpackages.com/__**info/pypissh<http://pythonpackages.com/__info/pypissh>
>>
>>    <http://pythonpackages.com/**info/pypissh<http://pythonpackages.com/info/pypissh>>
>> (many thanks to Martin von
>>    Löwis for this).
>>
>>
>>    --
>>    Alex Clark · http://pythonpackages.com
>>
>>    ______________________________**___________________
>>    Catalog-SIG mailing list
>>    Catalog-SIG at python.org <mailto:Catalog-SIG at python.org**>
>>    http://mail.python.org/__**mailman/listinfo/catalog-sig<http://mail.python.org/__mailman/listinfo/catalog-sig>
>>    <http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig>
>> >
>>
>>
>>
>>
>> ______________________________**_________________
>> Catalog-SIG mailing list
>> Catalog-SIG at python.org
>> http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig>
>>
>
>
> --
> Alex Clark · http://pythonpackages.com
>
> ______________________________**_________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig>
>



-- 
Tarek Ziadé | http://ziade.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20120122/9a6ff42f/attachment-0001.html>

More information about the Catalog-SIG mailing list