[Python-Dev] BDFL delegation for PEP 426 (PyPI metadata 1.3)
Nick Coghlan
ncoghlan at gmail.com
Sun Feb 3 14:04:01 CET 2013
On Sun, Feb 3, 2013 at 10:34 PM, Paul Moore <p.f.moore at gmail.com> wrote:
> So it's perfectly possible to use wheels right now, without the pip
> integration. But the pip developers don't want to integrate the wheel
> format just because it exists - they want the assurance that it's an
> accepted format supported by PEPs, hence the interest in getting the 3
> wheel PEPs (of which the metadata PEP is the first) accepted.
And they're right to be concerned - I've just made it clear to Daniel
that before PEP 427 will be accepted, it must either switch to using
S/MIME for signatures and drop support for Java Web Signatures
completely, or else it must contain a compelling rationale for why we
should even be considering a signature scheme that isn't yet an IETF
standard. I take the disclaimer the IETF put on their drafts
seriously: "It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." MvL raised
this concern last time the wheel format was discussed, and, to date,
nothing has happened to address it. JWS *does* look like a neat piece
of technology, but it's just too young to be basing our binary
distribution infrastructure on it (especially as new crypto is, by
default, bad crypto - that's why NIST/NSA hold their multi-year
competitions when they need to come up with new crypto related
algorithms).
The other two PEPs (the new metadata and the version compatibility
tags) are in a much better place. Most of the issues with PEP 426 have
been inherited from the previous version of the metadata, rather than
being related to the changes Daniel needed for the wheel format, and
I've just completed a new draft that should address most of those
problems. It's been a while since I looked closely at the
compatibility tag PEP, but I don't recall their being any significant
problems with it last time it was discussed.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list