PMXBOT Log file Viewer

#pypa-dev logs for Thursday the 3rd of July, 2014

[09:15:17] <xafer> dstufft, on one side I'm happy you found a way to fix it, on the other, I can't help but find the solution unsatisfactory...
[16:20:53] <qwcode> dstufft, is this PEP470 accurate? https://packaging.python.org/en/latest/peps.html#pep470-using-multi-index-support-for-external-to-pypi-package-file-hosting
[16:21:26] <dstufft> qwcode: yes
[16:21:53] <qwcode> dstufft, ok, I like PEP470. : )
[16:22:10] <dstufft> I need to finish the next draft of it :(
[16:26:03] <qwcode> dstufft, the summary says "This PEP effectively reverts PEP438." I wonder if "obsoletes" is better, since it doesn't technically revert PEP438?
[16:31:13] <qwcode> or maybe "deprecate"
[16:32:40] <qwcode> dstufft, "The biggest reason to use twine is that python setup.py upload uploads files over plaintext. This means anytime you use it you expose your username and password to a MITM attack"
[16:33:03] <qwcode> dstufft, but "register" is still exposed, right?
[16:33:06] <dstufft> yes
[16:33:10] <dstufft> I register on the web site
[16:33:19] <qwcode> with that big form?
[16:33:48] <qwcode> just trying to decide what the PPUG should recommend or say for registration
[16:34:54] <dstufft> yea
[16:35:00] <dstufft> I just leave it blank except for the name and a version 0
[16:35:04] <dstufft> and then delete version zero
[16:35:08] <dstufft> it's not so good :/
[16:35:54] <qwcode> and then upload fills in the rest per distribution you mean?
[16:37:00] <dstufft> ya
[16:37:11] <dstufft> all you have to do on the website is claim the name essentially
[16:37:30] <qwcode> ok, well that's not so bad. I can mention both "register" and using the form, and mention the security risk
[16:37:48] <dstufft> it's a one time thing too
[16:37:53] <dstufft> once you've done it once, you never need to register again
[16:37:58] <qwcode> yea