William Woodruff
William Woodruff
Hi @spencerschrock, thanks for opening an issue! > This scenario is in violation of TUF's concurrency support, but does/should Sigstore python support this scenario? If not, can you update your...
> Considering that I was able to reproduce the issue on the python-sigstore level here, which is part of the model signing code path, I would say that it should...
Yeah, it occurs to me that a dependency for this wouldn't be the worst idea: it's a clean abstraction that can be subtly difficult to get right across multiple platforms,...
Hi @igorpompeo, thanks for filing an issue. To clarify: can you share the entire error message? Are you seeing that error from `twine` itself, or as a spit-out from PyPI?...
Okay, thank you. Could you share that `.whl` file, as well as the output you see when you run `pip list`?
Hmm, I can't reproduce this: I extracted the `METADATA` file from that `.whl`, and it parses fine: ```bash uv run --with packaging python ``` then: ```python >>> from packaging.metadata import...
Thanks, I'll be able to triage this more tonight. > And I'm using venv environment, I don't know if this is some important to say. Yes, that's helpful context, thanks!...
Hi @ceving, thanks for opening an issue. I'm not opposed to adding this, as an opt in. Implementation-wise, I think this probably needs the `preserve_order` feature on the `serde_json` side,...
Specifically, something like `toml2json --preserve-order` seems reasonable. Someone could also make an argument to having order preservation be the default (with no opt-out at all), for simplicity -- I'd be...
NB: I also corrected `project-status` and `project-status-reason` to `project-status.status` and `project-status.reason`, as actually specified (and implemented). The former names were another error of mine from transcribing; those are the names...