Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Warn against using pip with test.pypi.org #1500

Open
mechsin opened this issue Feb 16, 2024 · 0 comments
Open

Warn against using pip with test.pypi.org #1500

mechsin opened this issue Feb 16, 2024 · 0 comments
Labels
component: guides type: bug A confirmed bug or unintended behavior

Comments

@mechsin
Copy link

mechsin commented Feb 16, 2024

I had filed a issue over on the packaging-problems project, and as part of resolving that @sinoroc request that I file a documentation issue over here.

Looking specifically at the guidance on the URL below.

https://packaging.python.org/en/latest/guides/using-testpypi/#using-testpypi-with-pip

This section advocates that users test downloading there package from test.pypi.org using pip and the --index-url argument. @sinoroc pointed out that if your package pulls dependencies that it might pull unsavory packages typo squatting on test.pypi.org.

@sinoroc indicated that test.pypi.org should not be used for testing pip. As a novice package publisher, this is my first public packaage, I would differ to the PyPa community, but I see @sinoroc point.

Depending on the community opinion I would suggest at minimum adding a warning that downloading from test.pypi.org could be hazardous for your health with some reasoning. Or if community agreement is unanimous that this is not an approve use of PyPi you could omit the section completely although it is probably best to keep the section but to just reduce it to a strongly worded warning that using pip against test.pypi.org is not advised again with some reasoning.

This is the original ticket for reference of the original conversation packaging problems #725

@mechsin mechsin changed the title Warn aginst using pip against test.pypi.org Warn against using pip against test.pypi.org Feb 16, 2024
@mechsin mechsin changed the title Warn against using pip against test.pypi.org Warn against using pip with test.pypi.org Feb 16, 2024
@chrysle chrysle added type: task Something that needs to be done that is not a bug or feature type: bug A confirmed bug or unintended behavior component: guides and removed type: task Something that needs to be done that is not a bug or feature labels Feb 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component: guides type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

No branches or pull requests

3 participants
@mechsin @chrysle and others