Richard Jones | 6 Nov 10:02 2002

UPDATE: PyPI - Python Package Index

I've moved the Python Package Index (PyPI, which I pronounce as pih-pee) 
project to two new homes:

TEST Web interface:   http://www.amk.ca/cgi-bin/pypi.cgi
Source code:          http://sf.net/projects/pypi/

I've added a large amount of functionality, with only a few smaller tasks to 
go. Notably there's now user login, manual submission/editing and searching. 
Please, go kick the tyres. If you find a bug, please register it on 
sourceforge.

The PEP has been submitted to the PEP editors, so my fingers are crossed there 
:)

    Richard
Thomas Heller | 6 Nov 11:56 2002

Re: UPDATE: PyPI - Python Package Index

Richard Jones <rjones <at> ekit-inc.com> writes:

> I've moved the Python Package Index (PyPI, which I pronounce as pih-pee) 
> project to two new homes:
> 
> TEST Web interface:   http://www.amk.ca/cgi-bin/pypi.cgi
> Source code:          http://sf.net/projects/pypi/
> 
> I've added a large amount of functionality, with only a few smaller tasks to 
> go. Notably there's now user login, manual submission/editing and searching. 
> Please, go kick the tyres. If you find a bug, please register it on 
> sourceforge.

That's what I did ;-).

> 
> The PEP has been submitted to the PEP editors, so my fingers are crossed there 
> :)
> 

The real fun starts when the PEP is posted to a larger community.

Thomas
Richard Jones | 7 Nov 05:07 2002

Re: UPDATE: PyPI - Python Package Index

On Wed, 6 Nov 2002 8:02 pm, Richard Jones wrote:
> I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
> project to two new homes:
>
> TEST Web interface:   http://www.amk.ca/cgi-bin/pypi.cgi

Thanks to all the bug finders - most of the bugs were caused by 
mis-configuration (my not changing the URLs in the web and register code to 
point to amk's website). That's fixed now. As are the other bugs that popped 
up as soon as people who aren't me used the interface :)

I've also implemented PKG-INFO uploading, and hidden packages aren't shown on 
the index page.

   Richard
Thomas Heller | 7 Nov 19:18 2002
Picon

Re: UPDATE: PyPI - Python Package Index

Richard, a small additional thing:

You always seem to do GET requests.

This means, for requesting a login, the initial password
is part of the URL, and chances are high, that this URL will show up
in someone's referrer logs. Not nice, IMO.

I probably don't know the rules completely, but this is what I do,
and it makes sense to me:

- When a request changes something on the server, do a POST.

- When an URL searches for something, do a GET, so that I can bookmark
it.

- Otherwise, decide from case to case.

Oh, and it seems I've locked myself out somehow:
The password isn't accepted any more, when trying to request a new
password the server says 'email address unknown to me',
when trying to create a new user account (username theller), it says
'user "theller" already exists'.

Thomas
Thomas Heller | 7 Nov 19:40 2002
Picon

Re: New proposal, with PEP

Richard Jones <rjones <at> ekit-inc.com> writes:

> On Sun, 27 Oct 2002 5:37 am, Martin v. Loewis wrote:
> >  But if
> > that is the way to go, how is this different from the Vaults, or
> > Freshmeat? If I were to look for Python packages, I'd look at
> 
> Because:
> 
> 1. there's no integration with distutils, and consequently no one-shot, 
> trivial mechanism for submitting metadata,
> 2. neither of the above are hosted at python.org, and hence don't have any of 
> the legitemacy that that hosting would bring, and
> 3. Freshmeat is a pain to use, and only supports open-source Linux projects 
> (or at a minimum open-source projects that are available on Linux).
> 

Not a very satisfactory answer, IMO.

Some time ago, the vaults have been the best place to find new python
software.

Search engines have improved, bandwidths have improved, so nowadays I
can certainly find interesting things with google *only*.  Many things
can simply be find by entering http://packageIwant.sf.net/ ;-). 

The only things I'm missing so far (but maybe I simply haven't found
them) is a way to automatically find the URL of the newest version of
a certain software package for a certain Python version, say Numeric,
win32all, wxPython or whatever.
(Continue reading)

Richard Jones | 7 Nov 22:10 2002

Re: UPDATE: PyPI - Python Package Index

On Fri, 8 Nov 2002 5:18 am, Thomas Heller wrote:
> Richard, a small additional thing:
>
> You always seem to do GET requests.
>
> This means, for requesting a login, the initial password
> is part of the URL, and chances are high, that this URL will show up
> in someone's referrer logs. Not nice, IMO.

Oops, you're absolutely correct, the registration form should perform a POST. 
This is why I have "people who aren't me" testing it out, to find the obvious 
glaring problems :)

> Oh, and it seems I've locked myself out somehow:
> The password isn't accepted any more, when trying to request a new
> password the server says 'email address unknown to me',
> when trying to create a new user account (username theller), it says
> 'user "theller" already exists'.

I need to implement a second form of password resetting, using the model 
sourceforge uses: given a username, send an email to the user's address with 
a OTK which when passed back to the server will reset the password.

   Richard
Richard Jones | 7 Nov 22:13 2002

Re: Re: New proposal, with PEP

On Fri, 8 Nov 2002 5:40 am, Thomas Heller wrote:
> Richard Jones <rjones <at> ekit-inc.com> writes:
> > On Sun, 27 Oct 2002 5:37 am, Martin v. Loewis wrote:
> > >  But if
> > > that is the way to go, how is this different from the Vaults, or
> > > Freshmeat? If I were to look for Python packages, I'd look at
> >
> > Because:
> >
> > 1. there's no integration with distutils, and consequently no one-shot,
> > trivial mechanism for submitting metadata,
> > 2. neither of the above are hosted at python.org, and hence don't have
> > any of the legitemacy that that hosting would bring, and
> > 3. Freshmeat is a pain to use, and only supports open-source Linux
> > projects (or at a minimum open-source projects that are available on
> > Linux).
>
> Not a very satisfactory answer, IMO.
>
> Some time ago, the vaults have been the best place to find new python
> software.

For existing users of python, maybe. Even I tend to not use the vaults as much 
as I should. New users certainly have no idea what the "Vaults of Parnassus" 
might be, or that they actually are the most complete index of python stuff.

I believe my first two points are still quite valid. I would love to work with 
the Vaults people, but I've attempted to contact them to no avail.

> Search engines have improved, bandwidths have improved, so nowadays I
(Continue reading)

Pete Shinners | 9 Nov 01:22 2002

Re: UPDATE: PyPI - Python Package Index

Richard Jones wrote:
> I've moved the Python Package Index (PyPI, which I pronounce as pih-pee) 
> project to two new homes:

the latest round of fixes seems to have cleaned things up. my latest
submission attempt ended with "Server response (success): success".

although it appears my package is not online right now? i cannot see it in
the list, and i cannot search for it (perhaps it is hidden?). it should be
a "pygame-1.5.4", but i'm not sure where it went?
Thomas Heller | 8 Nov 17:54 2002
Picon

Request password reset problem

error

Traceback (most recent call last):
  File "/home/rjones/src/pypi/webui.py", line 87, in run
    self.inner_run()
  File "/home/rjones/src/pypi/webui.py", line 177, in inner_run
    action = self.form[':action'].value
AttributeError: value
Richard Jones | 8 Nov 23:03 2002

Re: UPDATE: PyPI - Python Package Index

On Sat, 9 Nov 2002 11:22 am, Pete Shinners wrote:
> Richard Jones wrote:
> > I've moved the Python Package Index (PyPI, which I pronounce as pih-pee)
> > project to two new homes:
>
> the latest round of fixes seems to have cleaned things up. my latest
> submission attempt ended with "Server response (success): success".
>
> although it appears my package is not online right now? i cannot see it in
> the list, and i cannot search for it (perhaps it is hidden?). it should be
> a "pygame-1.5.4", but i'm not sure where it went?

Hurm. It is there. Not sure why the hidden flag was unset. I'll look into it. 
FYI you can access the entry as:

  http://www.amk.ca/cgi-bin/pypi.cgi?:action=display&name=pygame&version=1.5.4

And edit it to set the hidden flag to "No".

    Richard

Gmane