Cristina
Background: https://github.com/pypa/packaging-problems/issues/25 Create a generic wheel-building service to make releases faster and more robust.
`pip` currently uses `requirements.txt` to specify dependencies; it can pin __versions__ of packages and, with the `--hash=sha256:...` option (pip's hash-checking mode), __hashes__, but the file is a flat, hand-maintained list rather than a generated lock file. The [newer pipfile format](https://github.com/pypa/pipfile) records hashes in a generated `Pipfile.lock`, which some users prefer. But `pip` [doesn't...
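To make the hash-pinning point concrete, here is an added example (written for this page, not pip's own code) that re-implements the essential semantics of hash-checking mode: parse `--hash` options from a `requirements.txt`, refuse weak algorithms the way pip does (only sha256/sha384/sha512 are accepted), and verify a downloaded artifact against the pinned digests. The wheel bytes, package names and requirements text are constructed stand-ins, not real packages.

```python
import hashlib
import re
from dataclasses import dataclass, field

# pip's hash-checking mode only accepts SHA-2 family digests; mirrored here.
STRONG_HASHES = {"sha256", "sha384", "sha512"}

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s\\]+)")
_HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)")


@dataclass
class PinnedRequirement:
    name: str
    version: str
    hashes: dict = field(default_factory=dict)  # algorithm -> set of hex digests


def parse_requirements(text: str) -> list:
    """Parse a requirements.txt: join backslash continuations, drop comments,
    and collect every --hash option attached to each exactly-pinned line."""
    reqs = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"only exact '==' pins are supported here: {line!r}")
        req = PinnedRequirement(m.group(1).lower(), m.group(2))
        for alg, digest in _HASH_RE.findall(line):
            if alg not in STRONG_HASHES:
                raise ValueError(f"{req.name}: weak or unknown hash algorithm {alg!r}")
            req.hashes.setdefault(alg, set()).add(digest.lower())
        reqs.append(req)
    return reqs


def verify_artifact(req: PinnedRequirement, data: bytes) -> bool:
    """Hash-checking semantics: the whole downloaded archive must match one of
    the digests pinned for the requirement; a requirement without any hash is
    an error once hash-checking mode is in force."""
    if not req.hashes:
        raise ValueError(f"{req.name}=={req.version}: no --hash pinned")
    return any(
        hashlib.new(alg, data).hexdigest() in digests
        for alg, digests in req.hashes.items()
    )


def audit(text: str, artifacts: dict) -> dict:
    """Map each requirement name to 'ok', 'mismatch' or 'missing-hash', given
    the bytes that were downloaded for it."""
    result = {}
    for req in parse_requirements(text):
        if not req.hashes:
            result[req.name] = "missing-hash"
            continue
        data = artifacts.get(req.name, b"")
        result[req.name] = "ok" if verify_artifact(req, data) else "mismatch"
    return result


# Constructed sample input: a stand-in for a downloaded wheel and a
# requirements.txt that pins it. Neither refers to a real package.
SAMPLE_WHEEL = b"PK\x03\x04 constructed stand-in for example_pkg-1.0-py3-none-any.whl"
SAMPLE_REQUIREMENTS = (
    "example-pkg==1.0 \\\n"
    f"    --hash=sha256:{hashlib.sha256(SAMPLE_WHEEL).hexdigest()}  # pinned archive\n"
    "unpinned-pkg==2.3  # no hash: rejected in hash-checking mode\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_REQUIREMENTS, {"example-pkg": SAMPLE_WHEEL}))
    print(audit(SAMPLE_REQUIREMENTS, {"example-pkg": SAMPLE_WHEEL + b"\x00"}))
```

The point of the `audit` function is the failure modes: a one-byte change to the archive produces `mismatch`, and a single requirement without a `--hash` poisons the whole install, which is exactly why `requirements.txt` with hashes is tedious to maintain by hand and why a generated lock file is attractive.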
Since anyone can upload a package to PyPI, malicious users might upload malware, which would then harm users. To mitigate this risk, PSF [previously obtained funding](https://github.com/python/request-for/blob/master/2019-Q4-PyPI/RFP.md) to add some malware...
To keep PyPI's users secure, we want to give them [an opt-in communication channel to hear about security vulnerabilities for the packages they use](https://github.com/pypa/warehouse/issues/798). Implementing this would also give us...
To scale up our anti-abuse moderation and help package maintainers with security response, we need to be able to, for instance, mark a release as deprecated or a project as...
Right now, there are ways for package maintainers to test and share draft versions of their upcoming releases, but they cause friction and confusion. So we want to add [staged...
Our packaging ecosystem relies on [a particular structured data format (classifiers)](https://pypi.org/classifiers/) to indicate a package's legal license. However, our current system [allows for ambiguity that makes some downstream data display...
If we [audit and update PyPI metadata for existing projects based on already-uploaded artifacts](https://github.com/pypa/warehouse/issues/474#issuecomment-370986838), we can publish information about what packages depend on each other and on certain environments, and...
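Both of the preceding items (license-classifier ambiguity, and auditing metadata from already-uploaded artifacts) come down to reading the `METADATA` file inside a wheel and checking what it declares. The following is an added example for this page, not Warehouse's code: it builds a small constructed wheel in memory, pulls out `Requires-Dist` and the `License ::` classifiers, and applies a few heuristic ambiguity checks (the rules are this example's assumptions, not PyPI's policy). The package name, dependencies and classifiers are constructed.

```python
import io
import re
import zipfile
from email.parser import HeaderParser

_DIST_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def read_wheel_metadata(wheel_bytes: bytes) -> dict:
    """Locate the single *.dist-info/METADATA inside a wheel (a zip archive)
    and parse its RFC 822-style headers; the long description body is ignored."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = [n for n in zf.namelist() if n.endswith(".dist-info/METADATA")]
        if len(names) != 1:
            raise ValueError(f"expected exactly one METADATA file, found {names}")
        text = zf.read(names[0]).decode("utf-8")
    msg = HeaderParser().parsestr(text)
    classifiers = msg.get_all("Classifier") or []
    return {
        "name": msg.get("Name"),
        "version": msg.get("Version"),
        "requires_dist": msg.get_all("Requires-Dist") or [],
        "license_field": msg.get("License"),
        "license_classifiers": [c for c in classifiers if c.startswith("License ::")],
    }


def dependency_names(meta: dict) -> list:
    """Project names from Requires-Dist, ignoring specifiers and markers,
    which is the dependency-graph signal a metadata audit would publish."""
    names = []
    for spec in meta["requires_dist"]:
        m = _DIST_NAME_RE.match(spec.strip())
        if m:
            names.append(m.group(1).lower())
    return names


def license_issues(meta: dict) -> list:
    """Heuristic checks (assumed for this example) for license metadata that a
    downstream consumer cannot interpret unambiguously."""
    issues = []
    cls = meta["license_classifiers"]
    field = meta["license_field"]
    if not cls and not field:
        issues.append("no license classifier and no License field")
    if len(cls) > 1:
        issues.append(f"more than one license classifier: {cls}")
    if cls and field and not any(field.lower() in c.lower() for c in cls):
        issues.append(f"License field {field!r} matches none of the classifiers")
    return issues


def build_constructed_wheel() -> bytes:
    """Constructed sample: a minimal wheel whose metadata carries two
    conflicting license classifiers. Not a real package."""
    metadata = (
        "Metadata-Version: 2.1\n"
        "Name: example-pkg\n"
        "Version: 1.0\n"
        "License: MIT\n"
        "Classifier: License :: OSI Approved :: MIT License\n"
        "Classifier: License :: OSI Approved :: Apache Software License\n"
        "Requires-Dist: requests (>=2.20)\n"
        "Requires-Dist: cryptography ; extra == 'tls'\n"
        "\n"
        "Long description body, ignored by the header parser.\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("example_pkg/__init__.py", "")
        zf.writestr("example_pkg-1.0.dist-info/METADATA", metadata)
    return buf.getvalue()


if __name__ == "__main__":
    meta = read_wheel_metadata(build_constructed_wheel())
    print(meta["name"], meta["version"], dependency_names(meta))
    print(license_issues(meta))
```

Run over real wheels, `read_wheel_metadata` is the raw material for both the dependency graph the page wants to publish and the license audit; note that it reads only the first `METADATA` it finds, so a wheel carrying two `.dist-info` directories is rejected rather than silently picked from.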
The [documentation for setuptools](https://setuptools.readthedocs.io/) has grown messily over time and is difficult to browse and navigate. Also, the [legacy documentation for distutils](https://docs.python.org/3/distutils/index.html) and the current setuptools docs heavily overlap in...
There is a part of the Python standard library [called](https://docs.python.org/3/library/distutils.html) `distutils`, and some users use it directly. [We want users to instead switch to the supported toolchain](https://github.com/pypa/packaging-problems/issues/127), which uses `setuptools`,...