James Bennett pointed out that "package signing" is widely misunderstood
as referring specifically to end-to-end signing with individual
publisher keys, rather than to metadata signing in general.
This updates the title and abstract to instead use the term "signed
repository metadata", and also updates a few other sections that
still gave the impression that implementing PEP 458 would be
enough to give the full end-to-end signing support that is actually
covered in PEP 480.
Also removes the exec() and eval() caveats on the reference implementation
(those have been migrated now, albeit not using a code structure that we
would genuinely want to merge).
* Rename __parameters__ to __args__, for typing.py compatibility
* Genericize, re.{Pattern,Match} and io.IO
* list != list[int], but list[int] == list[int] (and list[str] != list[int])
* Add a lazy __parameters__ that contains the unique type vars in __args__ (also for typing.py compatibility)
* make dict[str][str] fail, but dict[T, str][int] return dict[int, str]
* expose proxy type as types.GenericAlias
* Link to implementation
* Explicitly state that pickling or copying should work
* PEP 376: Use ReST code syntax for literal characters
Without markup, it is very easy to confuse code with adjoining
punctuation.
* PEP 376: Use ReST syntax for code, rather than Markdown syntax
* Made various edits and clarifications to the pep including:
* letting the PSF appoint offline key holders
* moving content from abstract to motivation to make the abstract more succinct
* updating the threat model
* resolving some minor inconsistencies
* add link to cncf blog post
* PEP 458: use "OpenPGP" instead of "GPG". The signature format is OpenPGP. Other
OpenPGP implementations exist aside from gpg, the OpenPGP tool from the GnuPG project.
* PEP 611: relax hard limits and make 1 million a soft limit. Include recursion depth in limits.
* Reorganize part of motivation to account for soft vs. hard limits. Add qualification about recursion depth.
* Add non-goals section to clarify that this PEP does not remove support for GPG signatures.
* Update pep-0458.txt
Co-Authored-By: Trishank Karthik Kuppusamy <33133073+trishankatdatadog@users.noreply.github.com>
Co-authored-by: Trishank Karthik Kuppusamy <33133073+trishankatdatadog@users.noreply.github.com>
- Remove the MRO walker, PyType_DefiningTypeFromSlotFunc, as it was
found that it can give wrong results when a type's special methods are
changed (which can be done from Python code).
Solving the issue is deferred to a future PEP (and/or perhaps a
private CPython function).
- Split public C-API from CPython implementation details. It turns out
that alternate C-API implementations have grown more important
since 2016, if only for experimenting with possible optimizations.
- Add potentially confusing terms "Defining Class" and "C-API" to the
terminology section.
- Mention that ht_module is not inherited by subclasses.
- Remove modules to be ported initially: zipimport (since rewritten
in Python), _io and _csv (need module state from slot methods).
* Mention __class__ cell, expand slot methods in Future extensions
And fix a typo.
Add subsection to section "Managing Future Changes to the Update
Process" that explains how to transition from an old (e.g. because
it has become weak) to a new (e.g. stronger) hashing algorithm
without disrupting client workflows.