Donald Stufft
Donald Stufft
Unless you have the physical file laying around still, it's unlikely you're going to have something that matches the same hash. The `setup.py sdist` command does not have deterministic output,...
Right, I wrote `twine`, but not everyone uses that so you have to explain to them that they have to use twine to be able to reupload not `setup.py upload`....
I doubt @glyph cares if the post-install hook is done via a metadata plugin or via some script in the distribution (though I totally agree it should be via a...
This might be helpful: https://mail.python.org/pipermail/distutils-sig/2016-June/029083.html
I'm not sure that there is a great answer for this right now, nor am I sure how we'd support it in a cross platform way. It's a good question...
I would say I don't think all repositories *have* to implement it, but rather the goal would be to standardize it so that tooling can say "I depend on a...
https://github.com/devpi/devpi/issues/801 is an example of something to look at to figure out why they want this API standardized and to make sure our API actually satisfies their use case.
We could possibly only support version comparisons on a subset of things, I doubt that is going to break anyone really.
FWIW pip 8.0 will include peep’s functionality built into pip (though it is opt in by adding hashes to your requirements file).
I plan on digging into this in the near future fwiw.