control 2.45 KB
Newer Older
1 2 3
Source: twine
Section: utils
Priority: optional
4 5
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Uploaders: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>,
6 7
           Barry Warsaw <barry@debian.org>,
           Stefano Rivera <stefanor@debian.org>
8
Build-Depends: debhelper (>= 11),
9 10 11
               dh-python,
               python3-all,
               python3-pkg-resources,
12
               python3-pkginfo (>= 1.4.2),
13
               python3-readme-renderer (>= 17.4),
14
               python3-releases (>= 0.6.1),
15 16
               python3-requests (>= 2.3.0),
               python3-setuptools (>= 0.7),
Barry Warsaw's avatar
Barry Warsaw committed
17
               python3-sphinx,
Stefano Rivera's avatar
Stefano Rivera committed
18
               python3-sphinx-rtd-theme
19
Standards-Version: 4.3.0
20 21
Vcs-Git: https://salsa.debian.org/python-team/applications/twine.git
Vcs-Browser: https://salsa.debian.org/python-team/applications/twine
22
Homepage: https://github.com/pypa/twine
23
Rules-Requires-Root: no
24 25 26

Package: twine
Architecture: all
27 28 29 30
Depends: python3-setuptools,
         ${misc:Depends},
         ${python3:Depends},
         ${sphinxdoc:Depends}
31
Recommends: python3-keyring
32
Description: utility for interacting with PyPI
33
 Twine is a tool for uploading distributions (in the Python meaning) to PyPi.
34
 .
35
 Why should twine be used over the traditional approach?
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
 .
 The biggest reason to use twine is that python setup.py upload uploads files
 over plaintext. This means anytime you use it you expose your username and
 password to a MITM attack. Twine uses only verified TLS to upload to PyPI
 protecting your credentials from theft.
 .
 Secondly it allows you to precreate your distribution files. python setup.py
 upload only allows you to upload something that you’ve created in the same
 command invocation. This means that you cannot test the exact file you’re
 going to upload to PyPI to ensure that it works before uploading it.
 .
 Finally it allows you to pre-sign your files and pass the .asc files into the
 command line invocation (twine upload twine-1.0.1.tar.gz
 twine-1.0.1.tar.gz.asc). This enables you to be assured that you’re typing
 your gpg passphrase into gpg itself and not anything else since you will be
 the one directly executing gpg --detach-sign -a <filename>.
 .
 Features:
 .
  - Verified HTTPS Connections
  - Uploading doesn’t require executing setup.py
  - Uploading files that have already been created, allowing testing of
    distributions before release
  - Supports uploading any packaging format (including wheels).