Oh "great", uv does the same thing, referencing the pip code: https://github.com/astral-sh/uv/blob/1723ed00d6e6961abcf05d09abe59aaee005a6af/crates/uv-client/src/linehaul.rs#L61-L63
Added after someone who seems to be a #PyPA member filed an issue requesting it: https://github.com/astral-sh/uv/issues/1958
This seems to run deep… :neocat_floof_sad: #Python
#PyPA
@stfn I think the #pypa #python GitHub publish action is a good place to start to see what needs to be done.
https://github.com/pypa/gh-action-pypi-publish
You'll need to use tokens instead of Trusted Publishing, as your CI is not integrated into Trusted Publishing. Twine is the usual way.
https://twine.readthedocs.io/en/stable/
You may be able to generate & include attestations.
https://docs.pypi.org/attestations/
i released https://pypi.org/project/setuptools-scm/9.0.0/ today - its expected to work just the same for all users
its the last release with legacy python and legacy setuptools support
its also going to be the last release thats mostly standalone
future version will require modern setuptools and vcs-versioning - all build pipelines that still need legacy setuptools and/or old python had about half a decade now to update python tooling - its time to go modern #python #packaging #setuptools #pypa
New blog post: A 2024 update on my analysis of build backend popularity in pyproject.toml files: https://venthur.de/2025-01-12-build-backends.html
#python #pypi #PyPA
📢 PSA: there's an effort by @karo @ https://github.com/pypa/packaging.python.org/pull/1662 to write some PyPUG documents regarding license declaration in #Python dists and #PEP 639. I think additional feedback would be useful.
pip 24.3 has been released (*checks watch*) almost three weeks ago, but do you know what changed in this release?
If not, I have a release write-up for pip 24.3 that can fix that!
TL;DR: pip 24.3 is a small release with a truststore bugfix, error QoL improvements, and one minor deprecation of noncompliant wheel filenames (which won't affect you).
First blog post after a very long time: Publishing to PyPI with a Trusted Publisher from GitLab CI/CD 🦊
https://stefan.sofa-rockers.org/2024/11/14/gitlab-trusted-publisher/
Jak być dobrym upstreamem dla paczki Pythona:
1. Przestrzegać własnej polityki zagnieżdżania zależności tylko wtedy, kiedy to nie przeszkadza w niczym.
2. Kiedy ktoś zwraca uwagę na złamanie polityki, stwierdzić, że to w porządku, bo "opiekuni mają bliski(-awy) kontakt".
3. Wydać nową, problematyczną wersję, nie wykorzystując "bliski(-awego) kontaktu", by w tym samym czasie wydano nową wersję zależności.
4. No i nie zapominajmy, by szybko blokować możliwość komentowania na zgłoszeniach.
No cóż, i tak ich kod "devendoringu" nigdy nie działał (muszę kiedyś w końcu napisać porządne zgłoszenie na ten temat)…
https://github.com/pypa/pip/pull/12962#issuecomment-2400977486
W międzyczasie, szczerze polecam #uv. Ludzie odpowiedzialni za projekt mają wielkie znaczenie.
How to be a good #Python upstream:
1. Follow your vendoring policy only when it's not too inconvenient.
2. When someone points out the violation, claim it's okay because "maintainers have close(-ish) contact".
3. Make a problematic release without using the "close(-ish) contact" to make a synchronous release of the dependency.
4. Oh, and don't forget to lock your issues timely.
Well, it's not like their devendoring code even works (one day I actually need to make a proper bug report about that)…
https://github.com/pypa/pip/pull/12962#issuecomment-2400977486
In the meantime, I wholeheartedly recommend #uv instead. People make all the difference.
Why Hatch?: Yet another Python packaging implementation, hatchling is the replacement for setuptools
https://hatch.pypa.io/1.9/why/
#setuptools #packaging #software #python #pypa #pip #+
cibuildwheel 2.19.0 is out, with full support for free-threaded Python 3.13, a ultra-fast opt-in build-frontend (build[uv]) backed by uv, and support for a brand new platform: pyodide, for building WebAssembly wheels! More info in my release post at https://iscinumpy.dev/post/cibuildwheel-2-19-0/ #python #release #pypa
🐍 #Python 📦 #packaging news. Looks like the latest release of `cibuildwheel` v2.19 now supports #freethreading #nogil 🎉 thanks to @henryiii
#PyConUS sprints for Wednesday:
Room 308: #EParse (#Excel spreadsheets)
Room 309: #GnuMailman
Room 310/311: #PiecesOS (#LLM, #GenAI)
Room 315: #PyPA (#Python Packaging)
Room 316: @beeware, #PalletsProject
#PyConUS Sprints for Tuesday:
Room 308: #RouteE
Route 309: #GnuMailman
Room 310/311: #PiecesOS (#GenAI, #LLM tool), Strawberry GraphQL
Room 315: #PyPA Packaging, Cloud Custodian
Room 316: @beeware, #PyScript, #PalletsProject
Room 317: aio-libs, @ppb, @takahe, @micropython, @circuitpython, Robots
Room 318: Accelerated Python on GPU, Mesa (agent-based modeling + GIS)
Room 319: #GDSFactory
Room 320: #Python Core
Room 321: @pydantic, #LogFire, #PyO3
Very interesting to hear how much Hatch from #PyPA has changed over the years. It looks like it's slated to become the app release tool to replace them all, taking on the responsibilities of Twine, Virtualenv, SetupTools, etc. All with a flexible plugin system for future extensibility.
@SnoopJ The #PyPA doesn't really have a big plan or strategy, it's more a loose group of project maintainers.
Hatch already had a channel on the Discord, then when 1.0.0 was released, Bernát asked Ofek if he planned to propose it, a vote was opened with:
"I think this would be beneficial to
the Python community, and the PyPA would likely make heavy use of the
plugin system for trying PoCs of new PEPs"
The vote passed without much discussion and no objections.
https://mail.python.org/archives/list/pypa-committers@python.org/thread/J2BL5XTTOCXUCELUE7L5P5HHJ7NXZGZ5/#TKXNLZNX6A2S7XQ525VO4IVI27JOIAA3 #Python
#PyPA #virtualenv is yet another #Python project that "optimizes" its test suite by using time-machine. Since time-machine works on CPython only, it also keeps supporting #freezegun but you are allowed to use it on PyPy only now.
I really do wonder if this "optimization" actually makes anything faster, and if it outweighs the added complexity. The complexity also falls on downstreams (#Gentoo).
But that's modern development for you! "Shiny! Must have it!"
https://github.com/pypa/virtualenv/commit/fd93dd79be89b21e6e9d43ca2dd1b02b811f6d6f
@mitsuhiko Just remember that with great power comes great responsibility. It would be great if the current mess of #Python #packaging tools would be unified, preferably by a single tool provided by Python or #PyPA. For now, you just used your popularity to boost yet another tool in that jungle, maybe even making the problem slightly worse. Hopefully you can use your skills to contribute to the solution, good luck!
Ok, it seems that github3.py is the first victim that I know of, of the war PyPI maintainers are waging against PyPA standards. Big sigh.
https://github.com/sigmavirus24/github3.py/pull/1144#discussion_r1174626625
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst