
[maintenance] Remove twine from the dev dependencies

Open Pierre-Sassoulas opened this issue 7 months ago • 6 comments

  • It's not required to release anymore as it's done in CI
  • It brings a version of cryptography that contains a CVE
  • Unless we remove Python 3.9.0 from the supported versions, but we don't want to drop this version unless necessary

Pierre-Sassoulas, Apr 13 '25 20:04

twine looks to be required!

sbrunner, Apr 16 '25 11:04

I've mistaken this project for another one; we need to do something like https://github.com/pylint-dev/pylint/pull/10263

Pierre-Sassoulas, Apr 16 '25 11:04

I think it's good to keep the twine check, and it's also good to migrate to Trusted Publisher, but this also needs to be configured in the PyPI package admin interface, which I didn't have access to.

sbrunner, Apr 16 '25 14:04

@Pierre-Sassoulas you are on PyPI as maintainer, is that enough to set it up? @sbrunner I can add you as a maintainer, what is your PyPI username? Is it the same as this GitHub one?

I can set up the trusted publisher if you need me to. It looks fairly straightforward, but I wasn't aware of it until just now, so if someone who knows more wants to do it, go ahead :-)

carlio, Apr 16 '25 14:04

My PyPI username is also sbrunner, thanks :-)

sbrunner, Apr 16 '25 14:04

This was on my todo list, but I must admit to myself that I don't have time for this, sorry.

Pierre-Sassoulas, May 17 '25 04:05

Status?

cclauss, Jul 21 '25 21:07

Need take over, I won't be able to work on this, sorry.

Pierre-Sassoulas, Jul 22 '25 05:07