[Catalog-sig] pythonpackages.com beta security
Alex Clark
aclark at aclark.net
Fri Jul 20 18:37:30 CEST 2012
Hi,
On 7/20/12 2:38 AM, Richard Jones wrote:
> On 20 July 2012 15:43, Donald Stufft <donald.stufft at gmail.com> wrote:
>> On Friday, July 20, 2012 at 1:07 AM, Richard Jones wrote:
>>
>> That's OAuth2, which is quite unlike the OAuth1(a) that we
>> implemented. You cannot do OAuth1 with just requests, as far as I'm
>> aware. There's no documentation for PyPI OAuth as we're still waiting
>> for it to be used by someone to prove its usefulness.
>>
>> I haven't had a chance yet (doing a major refactor first), but there's
>> experimental OAuth 1a support in the most recent versions of requests.
>
> Oh, nice! I'll see if I can find some time over the weekend to write
> up how to use that against the PyPI implementation.
Nice indeed! I'll take a look, too. Assuming I can get oauth1 going,
will that allow me to make releases on behalf of users? I'm not sure if
this is an oauth1 or 2 thing, but on GitHub you can choose which "scope"
you want your application to ask the user to grant to it:
- http://developer.github.com/v3/oauth/#scopes
So at the very least, I'd like my application to enable users to do the
equivalent of distutils' register and upload commands. The workflow
looks something like this:
- Create package via PasteScript-powered web form:
  https://pythonpackages.com/manage/package/new
- Clone, develop code locally, and push
- Test the package release on pythonpackages.com via web form
  submissions that execute the following:
    $ python setup.py install
    $ python setup.py sdist upload -r http://index.pythonpackages.com
- Manually test the release locally via:
    $ pip install PACKAGE -i http://index.pythonpackages.com
- Release the package to PyPI via
    $ python setup.py register sdist upload
Alex
>
>
> Richard
>
--
Alex Clark · http://pythonpackages.com/ONE_CLICK_RELEASE