Simple PHP Code Debugging

Each beginning (and more advanced) PHP coder will fail because of errors while writing PHP code. This post will teach you some simple things about how you can find those errors in your PHP script. By default some errors will not show up on your web server! Try the examples from the PHP manual The […]

Originally published by Web Development Blog

Web Development Blog

How to use Mailgun with MyMail the newsletter plugin for WordPress?

Like most of you I use MailChimp to publish newsletters and for the management of my mailing list. If the number of subscribers becomes bigger it’s often more lucrative to use a WordPress plugin like MyMail together with a transactional mail service provider. In the past was MyMail and Mandrill an inexpensive combination, but since Mandrill has become a […]

Originally published by Web Development Blog

Web Development Blog

Kushal Das: PyPI and gpg signed packages

Yesterday night, on #pypa IRC channel, asked about uploading detached gpg signatures for the packages. According to , twine did not upload the signature, even with passing -s as an argument. I tried to do the same in test.pypi.org, and at first, I felt the same, as the package page was not showing anything. As I started reading the source of twine to figure out what is going on, I found that it uploads the signature as part of the metadata of package. The JSON API actually showed that the release is signed. Later, and explained that we just have to add .asc at the end of the url of the package to download the detached signature.

During the conversation, mentioned that only 4% of the total packages are actually gpg signed. And gpg is written in C and also a GPL licensed software, so, it can not be packaged inside of CPython (as pip is packaged inside of CPython). The idea of a future PyPI where all packages must be signed (how will still have to discussed) was also discussed in the IRC channel. We also get to know that we can delete any file/relase from PyPI, but, we can not reload those files again. One has to do a new release. This is also very important incase you want to upload signatures, you will have to do that at the time of uploading the package.

also wrote about the idea of signing the packages a few years ago.

Planet Python