headers
Georg Brandl | 1 May 2012 09:32
Picon
Gravatar

Re: PGP key for pip package

On 30.04.2012 17:52, David Fischer wrote:
> Hi,
> 
> I've been playing around with PGP signing as it relates to Python
> packages. There are relatively few signed packages in Cheeseshop but
> one of them is the pip package[1]. Does anyone know where I could get
> the public key used to verify this package (key ID 0171DF30)? Perhaps
> I am missing something obvious.

I could import it from hkp://wwwkeys.pgp.net, but only when searching for
"Leidel", and not for the ID.

Georg
Permalink | Reply | 2 comments |
headers
Martin v. Löwis | 1 May 2012 12:10
Picon
Gravatar

Re: PGP key for pip package

On 01.05.2012 09:32, Georg Brandl wrote:
> On 30.04.2012 17:52, David Fischer wrote:
>> Hi,
>>
>> I've been playing around with PGP signing as it relates to Python
>> packages. There are relatively few signed packages in Cheeseshop but
>> one of them is the pip package[1]. Does anyone know where I could get
>> the public key used to verify this package (key ID 0171DF30)? Perhaps
>> I am missing something obvious.
>
> I could import it from hkp://wwwkeys.pgp.net, but only when searching for
> "Leidel", and not for the ID.

If you put "0x0171DF30" into "Search String" at http://pgp.mit.edu/,
it sends you to

http://pgp.mit.edu:11371/pks/lookup?search=0x0171DF30&op=index

Regards,
Martin
Permalink | Reply | 1 comment |
headers
David Fischer | 1 May 2012 18:19
Picon
Gravatar

Re: PGP key for pip package

This is perfect. I had looked on pgp.mit.edu, but I had neglected the
"0x" prefix and my search turned up nothing.

Thanks guys.

-David

On Tue, May 1, 2012 at 3:10 AM, "Martin v. Löwis" <martin <at> v.loewis.de> wrote:
> On 01.05.2012 09:32, Georg Brandl wrote:
>>
>> On 30.04.2012 17:52, David Fischer wrote:
>>>
>>> Hi,
>>>
>>> I've been playing around with PGP signing as it relates to Python
>>> packages. There are relatively few signed packages in Cheeseshop but
>>> one of them is the pip package[1]. Does anyone know where I could get
>>> the public key used to verify this package (key ID 0171DF30)? Perhaps
>>> I am missing something obvious.
>>
>>
>> I could import it from hkp://wwwkeys.pgp.net, but only when searching for
>> "Leidel", and not for the ID.
>
>
> If you put "0x0171DF30" into "Search String" at http://pgp.mit.edu/,
> it sends you to
>
> http://pgp.mit.edu:11371/pks/lookup?search=0x0171DF30&op=index
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
anatoly techtonik | 8 May 2012 16:28
Picon
Gravatar

Re: PyPI code now on bitbucket

Hi,

Noah Kantrowitz <noah <at> coderanger.net> writes:
>
> Doug, can you make a PyPI repo under the PSF account and add martin and 
richard as admins? Then you can just
> push there too and all will be well  You might want to just remove the copy 
under your username and fork the
> main one after that so it is in the forks list, but the repo under your 
username can be used for your personal
> development while the main one stays stable for deployment.
> 
> --Noah
> 
> On Mar 15, 2012, at 11:36 AM, Martin v. Löwis wrote:
> 
> > Am 15.03.12 11:19, schrieb Jesper Noehr:
> >> Doug Hellmann sits on the PSF account on our end. 
> > 
> > Ah, ok. Who needs to do what to make this happen?
> > 
> > Regards,
> > Martin

Great news. I may now kill my own mirror. =)
Sorry for the mess - Gmane doesn't allow top posting.

Who not just open `pydotorg` account and move all *.python.org code there? PSF 
looks more like a financial institution than a community that supports this 
stuff. It will make clear that you don't need to be a member of PSF to
(Continue reading)

Permalink | Reply | 0 comments |
headers
anatoly techtonik | 9 May 2012 12:51
Picon
Gravatar

PyPI pull request

Hi,

Anybody to merge my changes from
https://bitbucket.org/techtonik/pypi-techtonik ?
--
anatoly t.
Permalink | Reply | 12 comments |
headers
David Glick | 11 May 2012 00:56
Picon
Gravatar

spam on PyPI

Someone is posting spam to PyPI today. Examples:

http://pypi.python.org/pypi/drsultan/Spell%20Caster%20and%20spiritual%20healer.%20Call%3B%20%20%20%2B27722820647

http://pypi.python.org/pypi/drsultan/Strong%20Spell%20Caster%20and%20spiritual%20healer.%20Call%3B%20%20%20%2B27722820647
Permalink | Reply | 2 comments |
headers
Richard Jones | 11 May 2012 01:27
Favicon

Re: spam on PyPI

On 11 May 2012 08:56, David Glick <dglick <at> gmail.com> wrote:
> Someone is posting spam to PyPI today. Examples:
> http://pypi.python.org/pypi/drsultan/Spell%20Caster%20and%20spiritual%20healer.%20Call%3B%20%20%20%2B27722820647
> http://pypi.python.org/pypi/drsultan/Strong%20Spell%20Caster%20and%20spiritual%20healer.%20Call%3B%20%20%20%2B27722820647

Thanks for reporting it, and thanks to whoever cleaned it up.

     Richard
Permalink | Reply | 0 comments |
headers
martin | 11 May 2012 01:29
Picon
Gravatar

Re: spam on PyPI


Zitat von David Glick <dglick <at> gmail.com>:

> Someone is posting spam to PyPI today.

Thanks! Deleted.

Regards,
Martin
Permalink | Reply | 0 comments |
headers
anatoly techtonik | 12 May 2012 11:21
Picon
Gravatar

Re: PyPI pull request

On Wed, May 9, 2012 at 1:51 PM, anatoly techtonik <techtonik <at> gmail.com> wrote:
> Hi,
>
> Anybody to merge my changes from
> https://bitbucket.org/techtonik/pypi-techtonik ?

Richard told me he is busy preparing for the PyCon AU and
administering ongoing PyGame, so no help here.
Martin told it will take time. So, anybody else at least to review and comment?

https://bitbucket.org/loewis/pypi/pull-request/1/fix-imports-add-logging-to-console-in

I also sent mail to PSF requesting a new `pydotorg` account on
Bitbucket, so that there will be a permanent home for official mirror
for PyPI that can be found using Bitbucket search along with other
open repositories for web to send pull requests to.

In the meanwhile there few more clean up changes, one of which loosens
dependency on M2Crypto, which is not installable in virtualenv if you
don't have SWIG installed systemwide. Although it doesn't remove it
completely yet. The goal is to make pycrypto an optional alternative
for M2Crypto for an easy development.
Permalink | Reply | 7 comments |
headers
Daniel Greenfeld | 12 May 2012 15:17
Picon
Gravatar

Re: PyPI pull request

Anatoly,

Here's a major issues with your pull request:

It's not atomic enough. PyPI is a massive effort so any pull request
should be as small as possible. For example, "running without sentry
client" should be just a single pull request. By combining multiple
"actions" into one pull requests, you've made it harder for the PyPI
authors to evaluate your work. Which means they'll be less inclined to
review it.

Break this up into 3 separate pull requests. It's easy to do with
branching, and the maintainers of the project will appreciate you for
it.

In fact, one thing we did with Open Comparison
(http://djangopackages.com, http://pyramid.opencomparison.org, and
soon http://python.opencomparison.org) that as helped us a lot as
maintainers is write a formal contributing document that spells this
out and more. See:

http://opencomparison.readthedocs.org/en/latest/contributing.html

and in your case, specifically:

http://opencomparison.readthedocs.org/en/latest/contributing.html#how-to-get-your-pull-request-accepted

I suggest to Richard and Martin they adopt something similar. Or they
can use our contributing rules in the same manner as Read the Docs:
(Continue reading)

Permalink | Reply | 6 comments |

Gmane