[SciPy-Dev] [Numpy-discussion] scipy 0.18 release candidate 1
Evgeni Burovski
evgeny.burovskiy at gmail.com
Tue Jun 21 17:37:47 EDT 2016
On Tue, Jun 21, 2016 at 9:16 PM, Matthew Brett <matthew.brett at gmail.com> wrote:
> On Tue, Jun 21, 2016 at 12:46 PM, Nathaniel Smith <njs at pobox.com> wrote:
>> It's keyed off the version number -- sdists or wheels whose version number
>> contains alpha/beta/rc/dev tags are skipped by pip by default, unless --pre
>> was passed.
>>
>> -n
>>
>> On Jun 21, 2016 12:39 PM, "Evgeni Burovski" <evgeny.burovskiy at gmail.com>
>> wrote:
>>>
>>> <snip>
>>>
>>> > Would it make sense to put these wheels on PyPI, so people can test them
>>> > with ``pip install scipy --pre``? We do that with Numpy wheels as well
>>> > now.
>
> We don't have built manylinux wheels for Python 3 because of the test
> failures, but the incantation to upload the wheels that are built is
> (I think):
>
> git clone https://github.com/MacPython/terryfy.git
> python terryfy/wheel-uploader -r warehouse -v -s -t manylinux1 scipy 0.18.0rc1
> python terryfy/wheel-uploader -r warehouse -v -s -t macosx scipy 0.18.0rc1
>
> You'll also need a 'warehouse' section in your ~/.pypirc, as in:
>
> [distutils]
> index-servers =
> pypi
> warehouse
>
> [pypi]
> username: my_user
> password: my_password
>
> [warehouse]
> repository: https://upload.pypi.io/legacy/
> username: my_warehouse_user
> password: my_warehouse_password
>
> and installations of "twine" and "beautifulsoup4".
>
> Cheers,
>
> Matthew
Thanks!
One question --- equally applicable to both pre-release and final
releases: Security. If we download the wheels from the build farm and
then upload to PyPI, how can a user check that what they download has
not be tampered with?
For source tarballs (and previously, Windows installers), we PGP sign
the git tag and include checksums in the README file. This way they
can at least verify the checksums.
More information about the SciPy-Dev
mailing list