Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PEP 758 External Wheel Hosting #1

Merged
merged 8 commits into from
Oct 1, 2024

Conversation

warsawnv
Copy link

No description provided.

@warsawnv warsawnv self-assigned this Sep 20, 2024
Discussions-To will have to be added after posted to DPO
peps/pep-0758.rst Outdated Show resolved Hide resolved
peps/pep-0758.rst Outdated Show resolved Hide resolved
peps/pep-0758.rst Outdated Show resolved Hide resolved
peps/pep-0758.rst Outdated Show resolved Hide resolved
peps/pep-0758.rst Outdated Show resolved Hide resolved
@warsaw
Copy link

warsaw commented Sep 23, 2024

Two suggestions I've heard from chatting with people at the core Python sprint, that I want to capture:

  • EXTERNAL-HOSTED should be JSON
  • We should include wheel size in the metadata, so that an installer can avoid downloading a size-spoofed external wheel before unpacking it and verifying the checksum.

warsaw and others added 4 commits September 26, 2024 10:02
Co-authored-by: Ethan Smith <etsmith@nvidia.com>
Co-authored-by: Ethan Smith <etsmith@nvidia.com>
Co-authored-by: Ethan Smith <etsmith@nvidia.com>
Co-authored-by: Ethan Smith <etsmith@nvidia.com>
@warsaw
Copy link

warsaw commented Sep 26, 2024

We should include wheel size in the metadata, so that an installer can avoid downloading a size-spoofed external wheel before unpacking it and verifying the checksum.

Given that I'm changing the file to EXTERNAL-HOSTED.json, maybe we should add a hashes dictionary a la PEP 694 rather than requiring the URL to have a fragment with the hash value. This would allow clients to provide multiple hashes with different algorithms. I'm thinking about this because I also want to set the file size in the JSON.

* Add size and hashes dictionaries
* HTTP range requests is a MUST
* HTTP/2 is a SHOULD
@warsaw
Copy link

warsaw commented Sep 27, 2024

@ethanhs-nv I think I've resolved all the suggestions. Thanks for the valuable feedback! Unless there's anything else you think needs further elaboration, my plan is to submit this against the real peps repo and open a DPO thread on Monday.

peps/pep-0758.rst Outdated Show resolved Hide resolved
@emmatyping-nv
Copy link

@warsaw I think it looks great! Looking forward to seeing it live!

Copy link

@emmatyping-nv emmatyping-nv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very excited to see this published in the PEPs repo, thank you for going through all my feedback :P

@warsawnv warsawnv merged commit 2df94bc into wheel-next:main Oct 1, 2024
@warsawnv warsawnv deleted the warsawnv/pep-758 branch October 1, 2024 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants