Page MenuHome GnuPG
Create Task
Maniphest T5247

Update pypi entry to current version for discovery of python3-gpg module (Python Bindings)
Open, NormalPublic
Actions

Description

The current https://pypi.org/project/gpg/ entry is outdated as it shows 1.10.0 from 2018-02
as latest version. (On contrast to e.g. Ubuntu which has https://packages.ubuntu.com/search?suite=default&section=all&arch=any&keywords=python3-gpg&searchon=names which has 1.14)

The maintainer is also outdated as "Justus Winter" does not work on this anymore.

As there are difficulties providing the official binding via pypi directly, there still should be a pointer to what the current version is. As many python developers check pypi first before looking for other versions of their modules.

So a minimal update should change the maintainer, add a sentence that the python binding are distributed with current gpgme releases and give the current version. number

Details

External Link
https://pypi.org/project/gpg/#history

Event Timeline

bernhard created this task.Jan 18 2021, 3:44 PM
bernhard added a comment.Jan 18 2021, 3:47 PM

I may attempt an update here, who has the pypi maintenance account?
(If we don't have it, we need to ask Justin or create a ticket with the PSF.)

werner added a subscriber: werner.Jan 18 2021, 6:40 PM

No, this is a fork and we consider the use of a PyPy for GPGME a Bad Thing because it does not guarantee a stable ABI and we accept bugs files against this version.

bernhard added a comment.Jan 19 2021, 9:36 AM

@werner, that is a missunderstanding:

  • https://www.pypy.org/ PyPy is an alternative implementation of the Python programming language
  • https://pypi.org/ The Python Package Index (PyPI) is a repository of software for the Python programming language. and run by the Python Software foundation, so it is basically the official repository for third-party modules.

A port to PyPy would be a fork as you write.

This issue is about pointing people from the official third-party module index PyPI towards the official GnuPG Python bindings. ;)

werner assigned this task to bernhard.Jan 19 2021, 10:06 AM
werner triaged this task as Normal priority.

Typo, sorry. I have no access to pypi and won't apply for an account due to general concerns about those platforms. Thus I can't change that page. Let me assign you this issue ;-)

bernhard added a comment.Jan 19 2021, 2:56 PM

Can you point me to a more elaborate list of the general concerns? (Central directories offer some sort of stable history, namespace and API service towards identifying modules, just like the venerable https://www.ctan.org/ . The solutions built on such services, like programming environment specific "package" and dependency managers that download and install thousands of packages automatically (like yarn) may be debatable, but I am not aware of much general concern against the services itself.)

werner added a comment.Jan 19 2021, 4:46 PM

Dependency hell - ask your favorite distribution