Dustin Ingram
Dustin Ingram
@brainwane It's not super ideal but the support for multiple repos could be used for this ``` [distutils] index-servers = pypi-project-A pypi-project-B [pypi-project-A] repository: http://pypi.python.org/pypi username: __token__ password: [pypi-project-B] repository:...
I think we're parsing this correctly and the example in the spec is wrong, see my comment [here](https://github.com/pypa/packaging.python.org/pull/1586#pullrequestreview-2233384634). That said, I think returning a `502` here is not what should...
I want to reiterate [a comment I made here](https://github.com/pypa/twine/issues/277#issuecomment-340018389): > But arguably this isn't worth the effort, since the default access control granted by `keyring` is that any other Python...
All great points @takluyver. Consider me convinced, and thanks for laying out an explanation.
Blocked on https://github.com/pypi/warehouse/issues/13409.
My preference would be `pip-tools`, happy to help here if you go down that route!
I've revised the title a bit here to better describe what is happening. I don't see any reason to list these packages (i.e. those without any releases) in `/simple`, they...
Yeah, I agree with @ewdurbin, it's probably not worth it to change the behavior of the XML-RPC endpoints at this point in time, but probably something we should consider for...
Note that https://github.com/pypa/warehouse/pull/5001 was reverted in https://github.com/pypa/warehouse/pull/8807, as it was far too noisy for us to even use it as a tool for investigating potential squats, let alone do any...
> `packaging` is (currently) scoped to implementing PEP-backed stuff, that has only-one-way-to-do-it and I'd like to preserve that. I _was_ proposing adding this to `packaging` itself. IMO the same is...