Dustin Ingram
Documentation for our APIs and datasets currently lives in our developer-facing docs: https://warehouse.pypa.io/api-reference/index.html. However, these are really end-user docs, and should live at https://docs.pypi.org/ instead.
Noticed in #16703 that `_is_valid_dist_file` currently checks for `PKG-INFO` or `WHEEL` files to be present in a sdist or wheel, but doesn't validate where they are in the archive, so...
This is a meta-issue to document the roadmap for PyPI's support for [PEP 458](https://www.python.org/dev/peps/pep-0458/). This top-level comment will be updated as the roadmap progresses. Comments on this issue should be...
PyPI sends a fairly low volume of event-based emails to users, which results in the occasional spam report causing an abnormally high overall % of complaints. Some ideas of things...
**What's the problem this feature will solve?** Currently it's hard to add additional information about individual artifacts without overloading the "Download files" tab on the project page. For example, file...
**Describe the bug** When re-authenticating a user (e.g. when visiting https://pypi.org/manage/account/recovery-codes/generate redirects to a password prompt) there is no error displayed when the user's password is incorrect. **Expected behavior** An...
**Description** Currently this project publicly provides `models.Bundle` which supports `to_json` and `from_json`, but does not expose a lower-level API to create/modify specific fields of the Sigstore bundle, read/write the bundle...
https://packaging.python.org/en/latest/specifications/binary-distribution-format/ says: > Version numbers should be normalised according to the [Version specifier specification](https://packaging.python.org/en/latest/specifications/version-specifiers/#version-specifiers). Currently, `parse_wheel_filename` will raise `InvalidWheelFilename` for some invalid filenames, but https://packaging.python.org/en/latest/specifications/version-specifiers/#normalization has a long list of...
For the upcoming TAC meeting Tuesday April 29th.
In https://github.com/ossf/wg-securing-software-repos/pull/51#discussion_r2035768494, we struggled a bit with aligning terminology across ecosystems, and disambiguating certain terms. The WG should ~publish a glossary at https://repos.openssf.org/glossary~ contribute to https://glossary.openssf.org/ to define our preferred...