v1.2.1rc0

Revert matrix auth

2016-06-25: "Brexit": Normalize and stop legacy support.

• Less rigorous support for python-2 < 2.7 and python-3 < 3.3.
• Package normalizations and :pep:503 updates:
  • Package names are normalized: convert all characters to lower-case
    and replace any of [-_.] with a dash('-').
  • The simple index only lists normalized package names.
  • Any request for a non-normalized package name is redirected to
    the normalized name.
  • URLs are redirected unless they end in '/' (expect packages themselves).
  • (thanks to @dpkp, #38, #139, #140)
• Added pip search support.
  • (thanks to @blade2005, #80, #114)
• FIX startup regressions for other WSGI-servers, introduced by previous v1.1.10.
  • (thanks to @virtuald, @Oneplus, @michaelkuty, @harcher81, @8u1a,
    #117, #122, #124/#127/#128)
• FIX over-writing of packages even when without --overwrite flag.
  • (thanks to @blade2005, #113)
• Fixes for paste, gunicorn and other WSGI servers.
  • (thanks to @corywright, @virtuald, @montefra, #112, #118, #119)
• Updates and fixes needed due to changes in dependent libraries.
  • (thanks @dpkp, #120/#121, #129, #141/#142)
• Add cache for speeding up GPG signatures.
  • sthanks to @virtuald, #116)
• Other minor fixes and improvements.
  • (thanks to @bibby, @Oneplus, @8u1a, #129, #131)
• TravisCI-test against python-3.5.
  • (#107, #108, #110)
• docs:
  • Provide samples for Automated Startup (systemd & hypervisor).
    (thanks to @ssbarnea, #137, #146)
  • Add usage instructions for related project pypi-uploader.
    (thanks to @ssbarnea & @bibby, #147)
  • doc: Provide sample-code to authenticate using /etc/passwds file
    via pam modules in Unix.
    • (thanks to @blade2005, #149, #151-#153)
  • Improved API usage instructions.
  • Detailed changes recorded in Github's milestone 1.2.0 <https://github.com/pypiserver/pypiserver/milestones/M1.2.0>_.
• TODO:
  • Move validations from main() --> core.configure().
  • Use docopt.
  • Privatize pypiserver.core --> pypiserver._core.
  • Finish rework of app+bottle config & startup that began on 1.1.9.
  • Add logging-conf yaml-file and read it if found

2016-01-19: Serve 1000s of packages, PGP-Sigs, skip versions starting with 'v'.

• #101: Speed-up server by (optionally) using the watchdog package
  to cache results, serve packages directly from proxying-server (Apache ,
  nginx), and pre-compile regexes (thanks @virtuald).
• #106: Support uploading PGP-signatures (thanks @mplanchard).
• Package-versions parsing modifications:
  • #104: Stopped parsing invalid package-versions prefixed with v; they are
    invalid according to :pep-reference:0440 (thanks @virtuald &
    @stevejefferiesIDBS).
  • Support versions with epochs separated by ! like package-1!1.1.0.
  • #102: FIX regression on uploading packages with + char in their version
    caused by recent bottle-upgrade.
• #103: Minor doc fixes (thanks @MichaelSchneeberger).

2015-12-21: "Ssss-elections" bug-fix & maintenance release.

• Upgrade bottle 1.11.6-->1.13-dev.
  • Fixes MAX_PARAM limiting dependencies(#82)
• Rework main startup and standalone:
  • New standalone generation based on ZIPed wheel archive.
  • Replace all sys.module mechanics with relative imports.
  • Fix gevent monkeypatching (#49).
  • Simplify definition of config-options on startup.
  • TODO: Move startup-options validations out of main() and
    into pypiserver.core
    package, to validate also start-up from API-clients.
• #53: Like PyPI, HREF-links now contain package's md5-hashes in their fragment.
  Add --hash_algo cmd-line option to turn-off or specify other hashlib
  message-digest algorithms (e.g. sha256 is a safer choice, set it to off
  to avoid any performance penalty if hosting a lot of packages).
• #97: Add --auther non cmd-line startup-option to allow for alternative
  authentication methods (non HtPasswdFile-based one) to be defined by
  API-clients (thanks @Tythos).
• #91: Attempt to fix register http failures (thanks to @Tythos and @petri).
  • Test actual clients (ie pip, Twine, setuptools).
  • Test spurious setuptools failures.
  • NOT FIXED! Still getting spurious failures.
• Various other fixes:
  • #96: Fix program's requirement (i.e. add passlib as extra-requirement).
    provide requirements files also for developers.
  • logging: Send also bottle _stderr to logger; fix logger names.
  • #95: Add missing loop-terminators in bottle-templates (thanks to @bmflynn).

"Finikounda" release

(apologies for the long delay...)

Notice that this will be the last to strive for supporting development on py2.5 and 3.2.
According to this surveys(2014, 2015), their days are over.

• Allow un-authenticated uploads (no htpasswd file) (#55).
• Fixes on package-name handling (#85 and #88, #89).
• Respect logging cmd-line options (#81).
• Add TCs for standalone script and other build-issues (#92)

See milestone:M1.1.8 for all fixes included.

"pypi-donna" release

• Authentication enhancements,
• logging,
• anti-XSS templates,
• better instructions.

See Milestone M1.1.7