Back in 2022, @dstufft started a conversation about PEP 694, proposing a PyPI Upload 2.0 API. That discussion petered out back in October, but as it’s something I’m keenly interested in, I am restarting the discussion here in a new thread.
I just merged a significant update to PEP 694, also making myself co-author. I think that, and the 70+ messages in the other thread are enough to warrant a new discussion thread.
While the spirit and definition of the API proposed in the previous incarnation of the PEP is largely retained, some highlights of the changes I made[1] include:
- Added myself as a co-author.
- Changed some terminology to use “stage” rather than “draft” to describe the thing you are uploading non-public wheels to in a session.
- Proposed the root URL for PyPI to be
https://upload.pypi.org/2.0
- Added an optional “nonce” string to the session creation request, which allows clients to decide whether a staged preview is easily guessable or not. Both use cases, as well as the justification for “guessability” rather than “privacy” are described in more detail in the PEP.
- Renamed many of the JSON keys to better align with the change in terminology.
- Added or modified APIs for getting the session status, extending a session, canceling a session, and publishing a session.
- Updated the file upload protocol to better align with the active internet draft as the successor to the older tus.io protocol.
- Several other smaller changes which hopefully fill any gaps in the previous protocol.
Rather than post the full text of the updated PEP 694 here, please head on over to the published version.
Cheers!
besides copyediting and formatting ↩︎