Re: PyPI and debian/watch

To: Ben Finney <ben+debian@benfinney.id.au>
Cc: debian-python@lists.debian.org
Subject: Re: PyPI and debian/watch
From: Donald Stufft <donald@stufft.io>
Date: Wed, 4 Feb 2015 08:08:13 -0500
Message-id: <[🔎] FA9F43C5-64C5-4CFF-A972-30D1620995D1@stufft.io>
In-reply-to: <[🔎] 85h9v2gkz5.fsf@benfinney.id.au>
References: <CAB4XWXw7s1m=_3DuYjqviwm6ZZCHsmYNmBAMOQp+aFORphbg2g@mail.gmail.com> <20150131150409.3438.51931@mitya57.me> <[🔎] 20150203174008.3414d377@anarchist.wooz.org> <[🔎] CAMcKhMRXJqcW6eezoWAxKQeW7kVg1UpaTysazYrR2VDZAg03_Q@mail.gmail.com> <[🔎] 85h9v2gkz5.fsf@benfinney.id.au>

> On Feb 4, 2015, at 3:05 AM, Ben Finney <ben+debian@benfinney.id.au> wrote:
> 
> Tristan Seligmann <mithrandi@mithrandi.net> writes:
> 
>> The debian/watch file I wrote for python-nacl (which also verifies the
>> PGP signature) seems to work.
> 
> I can't get PGP signature retrieval to rowk (“uscan warning:
> pgpsigurlmangle option exists, but the upstream keyring does not exist”)
> even with your suggested pattern.
> 
> But I have also written a working uscan configuration::
> 
> opts="filenamemangle=s/\S+\/([^\/]+\.tar\.gz)#md5=[[:alnum:]]+$/$1/" \
>    https://pypi.python.org/simple/python-daemon/ \
>    \S+/python-daemon-(\S+)\.tar\.gz#md5=[[:alnum:]]+ \
>    debian
> 
> 
> Barry Warsaw <barry@debian.org> writes:
> 
>> I'd love to be able to have something as simple as:
>> 
>> version=3
>> https://pypi.python.org/simple/mypkg/mypkg-(.*).tar.gz
>> 
>> which is close to what most packages probably use today, modulo the
>> base url path.
> 
> That would be great. But remember that the uscan documentation
> recommends a tighter matching pattern, so that would be::
> 
>    version=3
>    https://pypi.python.org/simple/mypkg/mypkg-(.+).tar.gz
> 
>> I filed a bug against pypa/warehouse so hopefully we can get something
>> better before Jessie is released (which is when I think there will be
>> more pressure for a better solution, since most packages won't be
>> updated during the freeze).
>> 
>> https://github.com/pypa/warehouse/issues/358
> 
> Thanks very much!
> 
> I'm not a fan of having it live at “…/uscan/” though. This is not
> specific to Debian, it's a sensible API design for all.
> 

If it gets implemented it'll live at /uscan/ because it exists primarily to
work around the deficiencies that exist in uscan (Particularly the dificulty
in ignoring url fragments). Everyone else should just use the URLs at /simple/
which most systems use with no problem because they can parse the URLs and
ignore the URL fragments (or use them for verifying the hash if need be).

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Reply to:

Follow-Ups:
- Re: PyPI and debian/watch
  - From: Barry Warsaw <barry@debian.org>
- Re: PyPI and debian/watch
  - From: Tianon Gravi <admwiggin@gmail.com>

References:
- Re: PyPI and debian/watch
  - From: Barry Warsaw <barry@python.org>
- Re: PyPI and debian/watch
  - From: Tristan Seligmann <mithrandi@mithrandi.net>
- Re: PyPI and debian/watch
  - From: Ben Finney <ben+debian@benfinney.id.au>

Prev by Date: Re: PyPI and debian/watch
Next by Date: Re: PyPI and debian/watch
Previous by thread: Re: PyPI and debian/watch
Next by thread: Re: PyPI and debian/watch
Index(es):
- Date
- Thread