Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Private :: Do Not Upload classifier. #390

Merged
merged 2 commits into from Apr 2, 2021

Conversation

orsinium
Copy link
Contributor

@orsinium orsinium commented Feb 3, 2021

Listing "Private :: Do Not Upload" in the classifiers list is a way to protect a package from accidental uploading on PyPI. This is a special case because it is not listed in the trove classifier.

References:

P.S. Sorry for PR without making an issue upfront. I think this is the case that isn't hard to implement, so it's better to show than explain :)

This is a special case because it is not listed in a trove classifier
but it is a way to make sure that a private package is not get uploaded
on PyPI by accident.

Implementation on PyPI side:
    pypi/warehouse#5440
Issue about officially documenting the trick:
    pypa/packaging.python.org#643
@takluyver
Copy link
Member

Thanks, this is an interesting one. The same would work with any invalid classifier, there's nothing particularly special about the name Private :: Do Not Upload. But of course, Flit is deliberately checking if classifiers are valid.

I see from your link that PyPI is essentially promising not to create any Private :: classifier. Maybe Flit should allow any classifiers in that namespace, on the grounds that if you've done that, it's probably deliberate rather than a mistake. Do you know if any other components of the ecosystem have made changes around this idea?

@orsinium
Copy link
Contributor Author

orsinium commented Mar 9, 2021

Maybe Flit should allow any classifiers in that namespace

That would work but I'm for keeping things more strict, there is no reason to have anything different like Private :: Some Explanation Why, additional context can be provided in a comment next to the classifier.

Do you know if any other components of the ecosystem have made changes around this idea?

I don't know any other that checks the classifier on the client-side, TBH. AFAIK, setuptools, poetry, twine, and wheel don't. In dephell, I had only a limited classifier validation as well.

What about usage, GitHub search pops a bit of results:
https://github.com/search?q=%22Private+%3A%3A+Do+Not+Upload%22&type=code
Of course, there won't be much because, well, it's strange to see "private" libraries in public repos :)

@orsinium
Copy link
Contributor Author

orsinium commented Apr 2, 2021

Is there anything I can do to have it merged into the upstream?

@takluyver takluyver added this to the 3.3 milestone Apr 2, 2021
@takluyver
Copy link
Member

No, I think that's OK, thanks.

@takluyver takluyver merged commit b944ecc into pypa:master Apr 2, 2021
@orsinium orsinium deleted the private-classifier branch April 3, 2021 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants