PEP 480: Fix status, author, discuss, reference (#1693)
This commit is contained in:
Sumana Harihareswara
GitHub
parent
d4d4fe7b6f
commit
5451f7963c
36
pep-0480.txt
36
pep-0480.txt
|
|
@ -4,10 +4,10 @@ Version: $Revision$
|
|||
Last-Modified: $Date$
|
||||
Author: Trishank Karthik Kuppusamy <karthik@trishank.com>,
|
||||
Vladimir Diaz <vladimir.diaz@nyu.edu>,
|
||||
Justin Cappos <jcappos@nyu.edu>
|
||||
BDFL-Delegate: Richard Jones <r1chardj0n3s@gmail.com>
|
||||
Discussions-To: DistUtils mailing list <distutils-sig@python.org>
|
||||
Status: Deferred
|
||||
Justin Cappos <jcappos@nyu.edu>, Marina Moore <mm9693@nyu.edu>
|
||||
BDFL-Delegate: Donald Stufft <donald@stufft.io>
|
||||
Discussions-To: Packaging category on Python Discourse <https://discuss.python.org/c/packaging>
|
||||
Status: Draft
|
||||
Type: Standards Track
|
||||
Content-Type: text/x-rst
|
||||
Requires: 458
|
||||
|
|
@ -56,8 +56,12 @@ distributions.
|
|||
PEP Status
|
||||
==========
|
||||
|
||||
Due to the amount of work required to implement this PEP, it is deferred until
|
||||
appropriate funding can be secured to implement the PEP.
|
||||
The community discussed this PEP from 2014 to 2018. Due to the amount
|
||||
of work required to implement this PEP, discussion was deferred until
|
||||
after approval for the precursor step in PEP 458. As of mid-2020 PEP
|
||||
458 is approved and implementation is in progress, and the PEP authors
|
||||
aim to gain approval so they can secure appropriate funding for
|
||||
implementation.
|
||||
|
||||
|
||||
Rationale
|
||||
|
|
@ -341,14 +345,11 @@ distributions, and prevents MITM attacks on usernames and passwords.
|
|||
__ https://github.com/pypa/twine
|
||||
|
||||
|
||||
Distutils
|
||||
---------
|
||||
Build backends
|
||||
--------------
|
||||
|
||||
`Distutils`__ MAY be modified to sign metadata and to upload signed distributions
|
||||
to PyPI. Distutils comes packaged with CPython and is the most widely used
|
||||
tool for uploading distributions to PyPI.
|
||||
|
||||
__ https://docs.python.org/2/distutils/index.html#distutils-index
|
||||
Build backends MAY be modified to sign metadata and to upload signed
|
||||
distributions to PyPI.
|
||||
|
||||
|
||||
Automated Signing Solution
|
||||
|
|
@ -410,7 +411,7 @@ management is preferred (e.g., ssh-copy-id).
|
|||
|
||||
The `repository`__ and `developer`__ TUF tools currently support all of the
|
||||
recommendations previously mentioned, except for the automated signing
|
||||
solution, which SHOULD be added to Distutils, Twine, and other third-party
|
||||
solution, which SHOULD be added to Distlib, Twine, and other third-party
|
||||
signing tools. The automated signing solution calls available repository tool
|
||||
functions to sign metadata and to generate the cryptographic key files.
|
||||
|
||||
|
|
@ -894,9 +895,10 @@ conclusions or recommendations expressed in this material are those of the
|
|||
author(s) and do not necessarily reflect the views of the National Science
|
||||
Foundation.
|
||||
|
||||
We thank Nick Coghlan, Daniel Holth, Donald Stufft, and the distutils-sig
|
||||
community in general for helping us to think about how to usably and
|
||||
efficiently integrate TUF with PyPI.
|
||||
We thank Nick Coghlan, Daniel Holth, Donald Stufft, Sumana
|
||||
Harihareswara, and the distutils-sig community in general for helping
|
||||
us to think about how to usably and efficiently integrate TUF with
|
||||
PyPI.
|
||||
|
||||
Roger Dingledine, Sebastian Hahn, Nick Mathewson, Martin Peck and Justin
|
||||
Samuel helped us to design TUF from its predecessor Thandy of the Tor project.
|
||||
|
|
|
|||
Loading…
Reference in New Issue