twine 5.1.0-1 source package in Ubuntu
Changelog
twine (5.1.0-1) unstable; urgency=medium * New upstream release. * Drop patch metadata-2.3-tests, superseded upstream. * Patch: Use a MANIFEST.in to control SOURCES.txt generation. -- Stefano Rivera <email address hidden> Sat, 25 May 2024 11:52:24 -0400
Upload details
- Uploaded by:
- Debian Python Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian Python Team
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| twine_5.1.0-1.dsc | 2.0 KiB | 3267904b4911a172a4814332e93a45e7c5a648596e5d8552e7c4615ff5de7bc5 |
| twine_5.1.0.orig.tar.gz | 219.7 KiB | 4d74770c88c4fcaf8134d2a6a9d863e40f08255ff7d8e2acb3cbbd57d25f6e9d |
| twine_5.1.0-1.debian.tar.xz | 7.9 KiB | 4a58581cae35d282c754892e410d25ceaf5267ed4b9a1847d7c7b290b3ee0b65 |
Available diffs
- diff from 5.0.0-2 to 5.1.0-1 (12.3 KiB)
No changes file available.
Binary packages built by this source
- twine: utility for interacting with PyPI
Twine is a tool for uploading distributions (in the Python meaning) to PyPi.
.
Why should twine be used over the traditional approach?
.
The biggest reason to use twine is that python setup.py upload uploads files
over plaintext. This means anytime you use it you expose your username and
password to a MITM attack. Twine uses only verified TLS to upload to PyPI
protecting your credentials from theft.
.
Secondly it allows you to precreate your distribution files. python setup.py
upload only allows you to upload something that you’ve created in the same
command invocation. This means that you cannot test the exact file you’re
going to upload to PyPI to ensure that it works before uploading it.
.
Finally it allows you to pre-sign your files and pass the .asc files into the
command line invocation (twine upload twine-1.0.1.tar.gz
twine-1.0.1.tar. gz.asc) . This enables you to be assured that you’re typing
your gpg passphrase into gpg itself and not anything else since you will be
the one directly executing gpg --detach-sign -a <filename>.
.
Features:
.
- Verified HTTPS Connections
- Uploading doesn’t require executing setup.py
- Uploading files that have already been created, allowing testing of
distributions before release
- Supports uploading any packaging format (including wheels).
