Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] PEP 582: (First draft) Using namespace on projects packages #686

Closed
wants to merge 1 commit into from
Closed

[WIP] PEP 582: (First draft) Using namespace on projects packages #686

wants to merge 1 commit into from

Conversation

4383
Copy link

@4383 4383 commented Jun 25, 2018

Hi!

Overview

This is a feature proposal. Now when a project is already register on pypi it's not possible to users to test a fork of any projects with the same name when it's already exist, manage projects by namespace increase possiblities for the python community.

With this feature we can introduce trusted packages by allow install/search without namespace and add namespaces on untrusted packages like docker behavior (docker pull nginx or docker pull 4383/nginx).

On docker when the package is trusted (docker trusted image mean maintained by docker itself), namespace does not exist, and when a package is maintain by a third user namespace appear into the name.

I don't want delegate official projects maintainance to the pypa team but we can introduce a vote system by sending pull requests to a specific pypa repository. If the pull request is accepted the namespace was automaticaly removed.

Features

  • Allow community to define trusted project and allow download (install, search, etc...) without prefix with user namespace
  • Allow users to upload on pypi project with a name who already exist on pypi but prefixed by user namespace.

Benefits

  • Improve project trust
  • Improve package trusting and discrease risk that users deal with a miscellaneous package come from a typo squatting example 1, pypa github discussion
  • Allow users to provide forked version of an official project
  • Allow users to test that packaging work fine on pypi

Examples

With pip:

$ pip install Django # trusted package
$ pip install 4383/Django # untrusted package

Url transposition:

@4383 4383 mentioned this pull request Jun 27, 2018
Open
@gvanrossum
Copy link
Member

@4383 Before we create a PEP we typically discuss the idea on python-ideas. Has that happened yet? Can you please include a link to the discussion there? Also can you please look into the test failure?

@4383
Copy link
Author

4383 commented Jul 8, 2018
edited
Loading

@gvanrossum I doesn't had a discussion first on python-ideas, I've already contact the pypa team for discuss about this and send an email at distutils mailing list.
I close this pull request during the time to the discussion on python-ideas.
Also, I'm going to fix the test failure.
Thanks for this suggest :)

@4383 4383 closed this Jul 8, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CLA signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@4383 @gvanrossum @the-knights-who-say-ni