PEP 694: Address additional feedback #4549


Open · wants to merge 11 commits into base: main
Conversation

@warsaw (Member) commented Aug 16, 2025

  • Require that name conform to the normalization rules, and include a link
  • Require that version conform to the version specs, and include a link
  • RFC 3399 instead of ISO 8601 as the timestamp spec. The RFC is a simpler format that subsets the ISO standard, and is more appropriate to our use case.
  • Adjust the gentoken() algorithm to be more resistant to tomfoolery. This may still change.
  • Require filename to conform to either the source or binary distribution file name convention, and include links

📚 Documentation preview 📚: https://pep-previews--4549.org.readthedocs.build/

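The four conformance rules in the description above (normalized name, PEP 440 version, RFC 3339 timestamp, sdist/wheel filename) are what an index would check before accepting a file. The following is an added example, not code from the PEP, from this PR or from Warehouse: a self-contained validator for those rules. The `expires`, `name`, `version` and `filename` keys in the sample dictionaries are assumed field names, the name regex and normalization are the ones from the PyPA name spec, the version regex is the one from the PEP 440 appendix, and RFC 3339 (the Internet profile of ISO 8601) is treated as "full-date T full-time with a mandatory offset". The sample inputs are constructed.

```python
import re
from datetime import datetime, timezone

# Name rules from the PyPA names spec (PEP 503/508): letters, digits, '.', '_', '-',
# first and last character alphanumeric; normalized form collapses [-_.] runs to '-'.
_NAME_RE = re.compile(r"^([A-Z0-9]|[A-Z0-9][A-Z0-9._-]*[A-Z0-9])$", re.IGNORECASE)

# PEP 440 version grammar (the regex given in the PEP's appendix).
_VERSION_RE = re.compile(
    r"""^\s*v?
    (?:(?:(?P<epoch>[0-9]+)!)?                                   # epoch
       (?P<release>[0-9]+(?:\.[0-9]+)*)                          # release segment
       (?P<pre>[-_.]?(?P<pre_l>alpha|a|beta|b|preview|pre|c|rc)  # pre-release
              [-_.]?(?P<pre_n>[0-9]+)?)?
       (?P<post>(?:-(?P<post_n1>[0-9]+))                         # post release
             |(?:[-_.]?(?P<post_l>post|rev|r)[-_.]?(?P<post_n2>[0-9]+)?))?
       (?P<dev>[-_.]?(?P<dev_l>dev)[-_.]?(?P<dev_n>[0-9]+)?)?)   # dev release
    (?:\+(?P<local>[a-z0-9]+(?:[-_.][a-z0-9]+)*))?\s*$           # local version
    """,
    re.VERBOSE | re.IGNORECASE,
)

# RFC 3339: full-date "T" full-time, optional fraction, mandatory offset ("Z" or +hh:mm).
_RFC3339_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})[Tt](\d{2}:\d{2}:\d{2})(\.\d+)?([Zz]|[+-]\d{2}:\d{2})$"
)


def normalize_name(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()


def is_normalized_name(name: str) -> bool:
    return bool(_NAME_RE.match(name)) and normalize_name(name) == name


def is_valid_version(version: str) -> bool:
    return _VERSION_RE.match(version) is not None


def parse_rfc3339(ts: str) -> datetime:
    """Parse an RFC 3339 timestamp and return it as an aware UTC datetime."""
    m = _RFC3339_RE.match(ts)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {ts!r}")
    date, clock, frac, offset = m.groups()
    digits = (frac or ".")[1:]
    micro = f".{(digits + '000000')[:6]}" if digits else ""  # fromisoformat wants 6 digits
    if offset.upper() == "Z":
        offset = "+00:00"
    return datetime.fromisoformat(f"{date}T{clock}{micro}{offset}").astimezone(timezone.utc)


def distribution_kind(filename: str, name: str, version: str) -> str:
    """Return 'sdist' or 'wheel' when filename follows that convention, else raise."""
    norm = normalize_name(name)
    if filename.endswith(".tar.gz"):
        # Source distribution: {normalized_name}-{version}.tar.gz
        if filename == f"{norm}-{version}.tar.gz":
            return "sdist"
        raise ValueError(f"sdist filename does not match {norm}-{version}.tar.gz")
    if filename.endswith(".whl"):
        # Binary distribution: {name}-{version}(-{build})?-{python}-{abi}-{platform}.whl,
        # with '-' in the normalized name written as '_'.
        parts = filename[: -len(".whl")].split("-")
        if len(parts) in (5, 6) and parts[0] == norm.replace("-", "_") and parts[1] == version:
            return "wheel"
        raise ValueError("wheel filename does not match the binary distribution convention")
    raise ValueError(f"unrecognised distribution filename: {filename!r}")


def validate_upload(meta: dict) -> list:
    """Collect every conformance problem in an upload description; empty list means OK."""
    errors = []
    name, version = meta.get("name", ""), meta.get("version", "")
    if not is_normalized_name(name):
        errors.append("name is not in normalized form")
    if not is_valid_version(version):
        errors.append("version is not a valid PEP 440 version")
    for check in (lambda: parse_rfc3339(meta.get("expires", "")),
                  lambda: distribution_kind(meta.get("filename", ""), name, version)):
        try:
            check()
        except ValueError as exc:
            errors.append(str(exc))
    return errors


# Constructed sample inputs (assumed field names; not taken from the PEP or from PyPI).
GOOD = {"name": "example-pkg", "version": "1.0rc1", "expires": "2025-08-16T17:00:00Z",
        "filename": "example_pkg-1.0rc1-py3-none-any.whl"}
BAD = {"name": "Example.Pkg", "version": "1.0-", "expires": "2025-08-16 17:00:00",
       "filename": "Example.Pkg-1.0-.zip"}

if __name__ == "__main__":
    print("good:", validate_upload(GOOD))
    for err in validate_upload(BAD):
        print("bad:", err)
```

The name check deliberately rejects a valid-but-unnormalized name such as `Example.Pkg` rather than normalizing it, because the rule in the PR is that the supplied value already conform; the index can still compute `normalize_name()` to tell the client what it expected.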
@warsaw warsaw self-assigned this Aug 16, 2025
warsaw added 9 commits August 15, 2025 17:00
* The addition of the ``Location`` header is now a **MUST**, and better worded to indicate that it
  can be polled in the case of a ``202 Accepted``.
* Added a couple of **FIXME** tags to address removal of nonce and fleshing out the ``Errors``
  section.  See URLs in the text.  DO NOT PROMOTE FROM DRAFT UNTIL THIS IS DONE.
* Reformatted some text.
Based on discussions here:
https://discuss.python.org/t/pep-694-pypi-upload-api-2-0-round-2/101483/22 clients no longer supply
a nonce to influence the session token and stage URL.  The calculation of these is left to the
index, but language is added that if provided, they must be cryptographically unguessable, and it
must be possible to calculate the stage URL from the session token.
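An added illustration of the requirement in that commit message (example code, not from the PEP, from this PR or from any index implementation): the index mints a session token from the OS CSPRNG and derives the stage URL from it with a keyed hash, so both are unguessable and the URL is computable from the token; a deliberately weak token built from public facts is shown alongside to make the "tomfoolery" concrete. `INDEX_BASE_URL`, `STAGE_KEY` and the `/stage/` path are assumptions for the example.

```python
import hashlib
import hmac
import secrets

# Assumed values for the example; a real index keeps STAGE_KEY in its secret store.
INDEX_BASE_URL = "https://upload.example.invalid"
STAGE_KEY = secrets.token_bytes(32)


def gen_session_token() -> str:
    """256 bits from the OS CSPRNG, URL-safe base64 without padding (43 chars)."""
    return secrets.token_urlsafe(32)


def stage_url_for(session_token: str, key: bytes = STAGE_KEY, base: str = INDEX_BASE_URL) -> str:
    """Derive the stage URL from the session token with HMAC-SHA256.

    Only the key holder (the index) can compute it, so the URL is as unguessable
    as the token, and learning a stage URL does not reveal the session token.
    """
    stage_id = hmac.new(key, session_token.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{base}/stage/{stage_id}"


def stage_url_matches(session_token: str, presented_url: str,
                      key: bytes = STAGE_KEY, base: str = INDEX_BASE_URL) -> bool:
    """Constant-time check that a client-presented stage URL belongs to this session."""
    return hmac.compare_digest(stage_url_for(session_token, key, base), presented_url)


def weak_session_token(name: str, version: str, started_at: int) -> str:
    """Deliberately weak, for contrast: a hash of project, version and start time
    (epoch seconds) is reproducible by anyone who can guess those inputs."""
    return hashlib.sha256(f"{name}:{version}:{started_at}".encode()).hexdigest()


def guess_weak_token(name: str, version: str, window_start: int, window_end: int, target: str):
    """Recover the weak token's start time by brute force over a plausible window."""
    for t in range(window_start, window_end):
        if weak_session_token(name, version, t) == target:
            return t
    return None


if __name__ == "__main__":
    token = gen_session_token()
    url = stage_url_for(token)
    print("session token:", token)
    print("stage URL:    ", url)
    print("matches:", stage_url_matches(token, url))
    weak = weak_session_token("example-pkg", "1.0", 1_755_360_000)
    print("weak token recovered at:", guess_weak_token("example-pkg", "1.0",
                                                       1_755_359_000, 1_755_361_000, weak))
```

Binding the stage URL to the token with a server-side key (rather than embedding the token in the URL) keeps the URL unguessable even if it leaks through logs or referrers, while the constant-time comparison avoids leaking the expected value through timing.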
@warsaw warsaw marked this pull request as ready for review August 23, 2025 01:32
@warsaw warsaw requested a review from dstufft as a code owner August 23, 2025 01:32
@warsaw warsaw requested a review from ewdurbin August 23, 2025 01:32
@warsaw (Member, Author) commented Aug 23, 2025

I think this branch is ready for review, based on feedback from the DPO thread.
