On 2020-06-05 15:37, Tomas Orsava wrote:
On 6/5/20 2:22 PM, Petr Viktorin wrote:
>
>
> On 2020-06-05 13:58, Tomas Orsava wrote:
>> On 6/5/20 1:43 PM, Miro HronĨok wrote:
>>> On 05. 06. 20 11:51, Tomas Orsava wrote:
> [...]
>>
>>
>> I see what you mean.
>> On the other hand, that's a pretty horrible error message format
>> (posting in it's entirety for others to consider).
>>
>> Is there no better way to achieve this? For a few packages it's ok,
>> but I would be weary of introducing this to too many packages.
>>
>> In the proposal there's talk of blocking the name on PyPI. Is this
>> the way the blocking will be achieved?
>
> You can talk to PyPI admins to block packages.
>
> But all in all, I think what "fedora", "ldap" or "microsoft
are doing
> is the best option right now.
> I started some discussion upstream, if you want to read it:
>
https://discuss.python.org/t/pypi-as-a-project-repository-vs-name-registr...
>
> (But let's discuss Fedora issues here first.)
Ah, that's sad. Thanks for raising the topic upstream, hopefully it'll
improve down the road.
As fer Fedora: Do I understand it correctly that:
- the names of Python packages in Fedora have been now blocked on PyPI
using the admin intervention, and
- we want to advise people to get those names on PyPI and either publish
the projects there or do this fedora/ldap-sort of namesquatting?
Yes.
I agree it's the least-worst option now. However, it will need a
detailed instructions.
Yes, but I want to discuss it first before writing the instructions :)
I'm on it next week again; it just ot stalled by work around the 3.9
side tag builds/merging.