Page MenuHome GnuPG

Update pypi entry to current version for discovery of python3-gpg module (Python Bindings)
Open, NormalPublic


The current entry is outdated as it shows 1.10.0 from 2018-02
as latest version. (On contrast to e.g. Ubuntu which has which has 1.14)

The maintainer is also outdated as "Justus Winter" does not work on this anymore.

As there are difficulties providing the official binding via pypi directly, there still should be a pointer to what the current version is. As many python developers check pypi first before looking for other versions of their modules.

So a minimal update should change the maintainer, add a sentence that the python binding are distributed with current gpgme releases and give the current version. number

Event Timeline

I may attempt an update here, who has the pypi maintenance account?
(If we don't have it, we need to ask Justin or create a ticket with the PSF.)

No, this is a fork and we consider the use of a PyPy for GPGME a Bad Thing because it does not guarantee a stable ABI and we accept bugs files against this version.

@werner, that is a missunderstanding:

  • PyPy is an alternative implementation of the Python programming language
  • The Python Package Index (PyPI) is a repository of software for the Python programming language. and run by the Python Software foundation, so it is basically the official repository for third-party modules.

A port to PyPy would be a fork as you write.

This issue is about pointing people from the official third-party module index PyPI towards the official GnuPG Python bindings. ;)

werner triaged this task as Normal priority.

Typo, sorry. I have no access to pypi and won't apply for an account due to general concerns about those platforms. Thus I can't change that page. Let me assign you this issue ;-)

Can you point me to a more elaborate list of the general concerns? (Central directories offer some sort of stable history, namespace and API service towards identifying modules, just like the venerable . The solutions built on such services, like programming environment specific "package" and dependency managers that download and install thousands of packages automatically (like yarn) may be debatable, but I am not aware of much general concern against the services itself.)

Dependency hell - ask your favorite distribution