Bug 1127974 - Review Request: twine - Collection of utilities for interacting with PyPI
Summary: Review Request: twine - Collection of utilities for interacting with PyPI
Keywords:
Status: CLOSED DUPLICATE of bug 1352972
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1127967 1350943
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-08 03:09 UTC by Eduardo Mayorga
Modified: 2016-07-05 15:56 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-05 15:56:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Eduardo Mayorga 2014-08-08 03:09:25 UTC
Spec URL: https://mayorga.fedorapeople.org/twine.spec
SRPM URL: https://mayorga.fedorapeople.org/twine-1.3.1-1.fc20.src.rpm
Description: Twine is a utility for interacting with PyPI.

The biggest reason to use twine is that python setup.py upload uploads
files over plaintext. This means anytime you use it you expose your
username and password to a MITM attack. Twine uses only verified TLS to
upload to PyPI protecting your credentials from theft.

Secondly it allows you to precreate your distribution files. python
setup.py upload only allows you to upload something that you’ve created
in the same command invocation. This means that you cannot test the
exact file you’re going to upload to PyPI to ensure that it works before
uploading it.

Finally it allows you to pre-sign your files and pass the .asc files
into the command line invocation (twine upload twine-1.0.1.tar.gz
twine-1.0.1.tar.gz.asc). This enables you to be assured that you’re
typing your gpg passphrase into gpg itself and not anything else since
you will be the one directly executing gpg --detach-sign -a <filename>.
Fedora Account System Username: mayorga

Comment 1 Pierre-YvesChibon 2015-04-28 15:55:41 UTC
Could you add a python3 subpackage?

Comment 2 Pierre-YvesChibon 2015-05-07 13:49:39 UTC
ping?

Comment 3 Matthias Runge 2016-02-26 10:45:50 UTC
Any update here? I still would like to see this package happen in Fedora

Comment 4 Jeremy Cline 2016-06-16 18:03:28 UTC
Hi Eduardo,

I commented on your other request (https://bugzilla.redhat.com/show_bug.cgi?id=1127967), but I realized I should probably comment on both.

I'm interested in seeing twine in Fedora as well. Is it possible to move forward with this package review? If not, per the policy for stalled package reviews[0], I'd like to close this request so I can carry on the work.

Thanks!

[0] https://fedoraproject.org/wiki/Policy_for_stalled_package_reviews#Submitter_not_responding

Comment 5 Jeremy Cline 2016-07-05 15:56:11 UTC
Hi Eduardo,

I've filed a new review request so I'm closing this one as a duplicate per the policy. Let me know if you're interested in being a co-maintainer!

*** This bug has been marked as a duplicate of bug 1352972 ***


Note You need to log in before you can comment on or make changes to this bug.