From 34301128f86f75b6e99062affaac54f2dd36f4cb Mon Sep 17 00:00:00 2001 From: moto kawasaki Date: Mon, 25 Nov 2024 22:53:51 +0100 Subject: [PATCH 1/4] Translated using Weblate (Japanese) Currently translated at 97.1% (3321 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 97.0% (3316 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.7% (3308 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.6% (3303 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.4% (3297 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.3% (3294 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.2% (3289 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.1% (3287 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 96.0% (3282 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 95.7% (3272 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 95.6% (3270 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 95.6% (3269 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 95.4% (3261 of 3418 strings) Translated using Weblate (Japanese) Currently translated at 95.3% (3260 of 3418 strings) Co-authored-by: moto kawasaki Translate-URL: https://hosted.weblate.org/projects/pypa/packaging-python-org/ja/ Translation: pypa/packaging.python.org --- locales/ja/LC_MESSAGES/messages.po | 223 +++++++++++++++++++++++------ 1 file changed, 180 insertions(+), 43 deletions(-) diff --git a/locales/ja/LC_MESSAGES/messages.po b/locales/ja/LC_MESSAGES/messages.po index edaf28cdc..4b09c9ae1 100644 --- a/locales/ja/LC_MESSAGES/messages.po +++ b/locales/ja/LC_MESSAGES/messages.po @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-06-19 16:34+0000\n" -"PO-Revision-Date: 2024-11-03 06:00+0000\n" +"PO-Revision-Date: 2024-11-22 01:00+0000\n" "Last-Translator: moto kawasaki \n" "Language-Team: Japanese \n" @@ -19,7 +19,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 5.8.2\n" +"X-Generator: Weblate 5.9-dev\n" #: ../source/contribute.rst:5 msgid "Contribute to this guide" @@ -2644,7 +2644,7 @@ msgstr "" #: ../source/discussions/versioning.rst:158 #: ../source/specifications/version-specifiers.rst:114 msgid "Local version identifiers" -msgstr "ローカルバージョン指定子" +msgstr "ローカルバージョン識別子" #: ../source/discussions/versioning.rst:160 msgid "" @@ -24675,7 +24675,7 @@ msgstr "" #: ../source/specifications/version-specifiers.rst:43 msgid "Version scheme" -msgstr "バージョン枠組み" +msgstr "バージョン番号枠組み" #: ../source/specifications/version-specifiers.rst:45 msgid "" @@ -25532,10 +25532,15 @@ msgid "" "using the ``.`` character. This allows versions such as ``1.0+ubuntu-1`` to " "be normalized to ``1.0+ubuntu.1``." msgstr "" +"構成部分のセパレータとして ``.`` を使うことに加えて、" +"ローカルバージョン番号を使えば ``-`` や ``_`` " +"の使用も受け入れ可能です。標準形式は、 ``.`` " +"文字を使うことです。これによって、標準化すれば ``1.0+ubuntu.1`` となる ``1." +"0+ubuntu-1`` のようなバージョン番号も許容されます。" #: ../source/specifications/version-specifiers.rst:519 msgid "Preceding v character" -msgstr "" +msgstr "先駆する v の文字" #: ../source/specifications/version-specifiers.rst:521 msgid "" @@ -25545,10 +25550,15 @@ msgid "" "version. The same version with and without the ``v`` is considered " "equivalent." msgstr "" +"よくあるバージョン番号の表記方法である ``v1.0`` の形をサポートするために、" +"バージョン番号は単独の ``v`` の文字が先行していても構いません。この文字は、あ" +"らゆる目的において無視されなければならず、バージョン番号の標準化された形式で" +"は省略されるべきです。 ``v`` " +"の有無だけが異なるバージョン番号は、同一のものと見做されます。" #: ../source/specifications/version-specifiers.rst:528 msgid "Leading and Trailing Whitespace" -msgstr "" +msgstr "先行する空白文字や後続する空白文字" #: ../source/specifications/version-specifiers.rst:530 msgid "" @@ -25558,11 +25568,17 @@ msgid "" "be handled sensibly, such as a version like ``1.0\\n`` which normalizes to " "``1.0``." msgstr "" +"先行する空白文字や後続する空白文字は暗黙の裡に無視されなければならず、バージ" +"ョン番号の標準化された形式では除去されなければなりません。これには ``\"\"`` " +"・ ``\\t`` ・ ``\\n" +"`` ・ ``\\r`` ・ ``\\f`` ・ ``\\v`` が含まれます。これによって、標準化すれば " +"``1.0`` となる ``1.0\\n" +"`` のようなバージョン番号に見られる、偶然に入り込んだ空白文字を実用的に取り扱" +"うことができます。" #: ../source/specifications/version-specifiers.rst:537 -#, fuzzy msgid "Examples of compliant version schemes" -msgstr "規定に合致したバージョン番号の例を次に示す::" +msgstr "枠組みに合致したバージョン番号の例" #: ../source/specifications/version-specifiers.rst:539 msgid "" @@ -25573,6 +25589,12 @@ msgid "" "figuring out the relative order of versions, even though the rules above " "ensure all compliant tools will order them consistently." msgstr "" +"標準のバージョン番号の枠組みは、公開・非公開の Python プロジェクトにおける識" +"別の慣行を広い範囲で包含するように設計されています。実際上、ある単独のプロジ" +"ェクトでこの枠組みが提供するあらゆる自由度を使おうと試みるなら、上述のルール" +"に従うすべてのツールが首尾一貫して順序をつけることができる一方で、人間のユー" +"ザにとってはバージョン番号間の相対的な順序を解き明かすことに困難を感じること" +"になるでしょう。" #: ../source/specifications/version-specifiers.rst:546 msgid "" @@ -25581,36 +25603,41 @@ msgid "" "ensuring that the \"latest release\" and the \"latest stable release\" can " "be easily determined, both by human users and automated tools." msgstr "" +"この後に、プロジェクトがそのリリースを識別するために選択するかもしれない異な" +"るアプローチで、 \"最新リリース\" と \"最新のステーブルリリース\" を人間も自" +"動化ツールも簡単に決定できることが保証されたもののいくつかの例を示します。" #: ../source/specifications/version-specifiers.rst:551 -#, fuzzy msgid "Simple \"major.minor\" versioning::" -msgstr "一連番号によるバージョン付与" +msgstr "単純な \"メジャー.マイナー\" バージョン付け::" #: ../source/specifications/version-specifiers.rst:560 msgid "Simple \"major.minor.micro\" versioning::" -msgstr "" +msgstr "単純な \"メジャー.マイナー.マイクロ\" バージョン付け::" #: ../source/specifications/version-specifiers.rst:568 msgid "" "\"major.minor\" versioning with alpha, beta and candidate pre-releases::" -msgstr "" +msgstr "アルファ・ベータや公開候補 のようなプレリリースを伴う \"メジャー." +"マイナー\" バージョン付け::" #: ../source/specifications/version-specifiers.rst:580 msgid "" "\"major.minor\" versioning with developmental releases, release candidates " "and post-releases for minor corrections::" msgstr "" +"開発リリース 、リリース候補 " +"やポストリリースのある \"メジャー.マイナー\" バージョン付け::" #: ../source/specifications/version-specifiers.rst:595 msgid "" "Date based releases, using an incrementing serial within each year, skipping " "zero::" -msgstr "" +msgstr "ゼロを飛ばして各年の中で増加するシリアル値を使った日付ベースのリリース番号::" #: ../source/specifications/version-specifiers.rst:609 msgid "Summary of permitted suffixes and relative ordering" -msgstr "" +msgstr "許容される接尾辞と相対的な順序付けのまとめ" #: ../source/specifications/version-specifiers.rst:613 msgid "" @@ -25618,6 +25645,9 @@ msgid "" "process distribution metadata, rather than developers of Python " "distributions deciding on a versioning scheme." msgstr "" +"この節では、バージョニング方法を決めようとしている Python 配布物の開発者向け" +"というよりは、むしろ、一義的には配布物のメタデータを自動的に処理するツールの" +"作者に向けて書かれています。" #: ../source/specifications/version-specifiers.rst:617 msgid "" @@ -25625,6 +25655,9 @@ msgid "" "numeric value of the given epoch. If no epoch segment is present, the " "implicit numeric value is ``0``." msgstr "" +"バージョン識別子のエポック構成部分は、当該エポックの数値としての値に従って整" +"序されなければなりません。エポック構成部分が存在しない場合には、暗黙のうちに " +"``0`` の値と解釈します。" #: ../source/specifications/version-specifiers.rst:621 msgid "" @@ -25632,18 +25665,24 @@ msgid "" "as Python's tuple sorting when the normalized release segment is parsed as " "follows::" msgstr "" +"バージョン識別子のリリース構成部分は、" +"標準化されたリリース構成部分を解釈する時には以下のように Python " +"のタプルソーティングと同じ順序で格納されていなければなりません::" #: ../source/specifications/version-specifiers.rst:627 msgid "" "All release segments involved in the comparison MUST be converted to a " "consistent length by padding shorter segments with zeros as needed." -msgstr "" +msgstr "比較に関わるすべてのリリース構成部分は、必要に応じて不足する構成部分にゼロを" +"補填することで長さを一致させなければなりません。" #: ../source/specifications/version-specifiers.rst:630 msgid "" "Within a numeric release (``1.0``, ``2.7.3``), the following suffixes are " "permitted and MUST be ordered as shown::" msgstr "" +"リリース番号の数字部分 (``1.0`` や ``2.7.3``) の中では、後述の接尾辞が許され" +"ており、下に示す通りに順序付けをしなければなりません::" #: ../source/specifications/version-specifiers.rst:635 msgid "" @@ -25652,6 +25691,11 @@ msgid "" "same ``N`` for both a ``c`` and a ``rc`` in the same release segment as " "ambiguous and remain in compliance with the specification." msgstr "" +"``c`` が意味の上で ``rc`` と同等のものであると見做されていて、恰も本当に " +"``rc`` であるかのように並べ替えされる点を銘記してください。ツール群は、" +"同じリリース構成部分内に ``c`` と ``rc`` の両方に同一の ``N`` を付けたものが" +"来た場合には曖昧であるとしてこれを拒否しても構いませんが、これでも仕様には合" +"致しています。" #: ../source/specifications/version-specifiers.rst:640 msgid "" @@ -25659,12 +25703,16 @@ msgid "" "(``1.0rc1``, ``1.0c1``), the following suffixes are permitted and MUST be " "ordered as shown::" msgstr "" +"アルファ (``1.0a1``) 、ベータ (``1.0b1``) 、あるいはリリース候補 (``1.0rc1``" +", ``1.0c1``) の中では、後述の接尾辞が許されていて、示される通りに並べ替えられ" +"なければなりません::" #: ../source/specifications/version-specifiers.rst:646 msgid "" "Within a post-release (``1.0.post1``), the following suffixes are permitted " "and MUST be ordered as shown::" -msgstr "" +msgstr "ポストリリース (``1.0.post1``) の中では、後述の接尾辞が許されていて、示す通り" +"に並べ替えられなければなりません::" #: ../source/specifications/version-specifiers.rst:651 msgid "" @@ -25672,20 +25720,26 @@ msgid "" "used immediately following a numeric version (e.g. ``1.0.dev456``, ``1.0." "post1``)." msgstr "" +"バージョン番号の数字部分の直後に置く場合 (例えば ``1.0.dev456`` や ``1.0." +"post1``) であっても、 ``devN`` と ``postN`` " +"は、常にドットに後続しなければならないことを銘記してください。" #: ../source/specifications/version-specifiers.rst:655 msgid "" "Within a pre-release, post-release or development release segment with a " "shared prefix, ordering MUST be by the value of the numeric component." msgstr "" +"共通の先行部分を持つプレリリース構成部分、ポストリリース構成部分、あるいは開" +"発リリース構成部分の中で、数値部分の値に従って順序付けをしなければなりません" +"。" #: ../source/specifications/version-specifiers.rst:658 msgid "The following example covers many of the possible combinations::" -msgstr "" +msgstr "可能なバージョン番号の例を以下に示します::" #: ../source/specifications/version-specifiers.rst:683 msgid "Version ordering across different metadata versions" -msgstr "" +msgstr "相異なるメタデータバージョンを通してバージョン番号を順序付けする" #: ../source/specifications/version-specifiers.rst:685 msgid "" @@ -25693,6 +25747,10 @@ msgid "" "standard version identification or ordering scheme. However metadata v1.2 (:" "pep:`345`) does specify a scheme which is defined in :pep:`386`." msgstr "" +"メタデータ v1.0 (pep:`241`) および メタデータ (:pep:`314`) は、標準となるバー" +"ジョン番号の識別や順序付けの枠組みを指定していません。しかしながら、" +"メタデータ v1.2 (:pep:`345`) では、 :pep:`386` " +"で定義された枠組みを指定しています。" #: ../source/specifications/version-specifiers.rst:689 msgid "" @@ -25704,6 +25762,13 @@ msgid "" "requirements necessitate a standardization across one parsing mechanism to " "be used for all versions of a project." msgstr "" +"単純なインストーラ API の特性の故に、特定の配布物がどのバージョンのメタデータ" +"を使っているかをインストーラが意識することは不可能です。さらに、インストーラ" +"は、どのバージョンをインストールするべきであるかを決定するために、すべての、" +"または、可能な限り多くのバージョンのプロジェクトを含む合理的に優先順位付けさ" +"れたリストを作成することができるように要求されています。これらの要求事項によ" +"って、あるプロジェクトのすべてのバージョンにおいてひとつの解析メカニズムが使" +"われるような標準化が必要とされます。" #: ../source/specifications/version-specifiers.rst:697 msgid "" @@ -25714,17 +25779,23 @@ msgid "" "and ordering schemes if no versions complying with this specification are " "available." msgstr "" +"上記のことによって、この仕様では、全てのメタデータのバージョンに使われなけれ" +"ばならず、メタデータ v1.2 であってさえも :pep:`386` を上書きする形で使われな" +"ければなりません。ツール類は、この仕様に示された規則に従って解釈できないバー" +"ジョン番号をすべて無視するべきですが、この仕様に合致するバージョン番号がひと" +"つも利用可能でない時には、それぞれの実装で定義されたバージョン番号の解釈や順" +"序付けにフォールバックしても構いません。" #: ../source/specifications/version-specifiers.rst:703 msgid "" "Distribution users may wish to explicitly remove non-compliant versions from " "any private package indexes they control." -msgstr "" +msgstr "配布物のユーザは、自分が管理するプライベートなパッケージインデックスにおいて" +"、合致しないバージョン番号を明示的に除去しても構いません。" #: ../source/specifications/version-specifiers.rst:708 -#, fuzzy msgid "Compatibility with other version schemes" -msgstr "universal wheelsの取り扱い" +msgstr "他のバージョン番号の枠組みとの互換性" #: ../source/specifications/version-specifiers.rst:710 msgid "" @@ -25734,6 +25805,11 @@ msgid "" "the metadata while the translated public version is published in the version " "field." msgstr "" +"プロジェクトの中には、この使用で定義された公開のバージョン番号枠組みに合致す" +"るために翻訳を要求するようなバージョン番号枠組みを使うことを選択するものもあ" +"ります。そのような場合には、当該プロジェクトに特有のバージョン番号をメタデー" +"タに格納しておく一方で、公開のバージョン番号を version " +"フィールドに置くことができます。" #: ../source/specifications/version-specifiers.rst:715 msgid "" @@ -25741,6 +25817,10 @@ msgid "" "ordering of published releases, while still allowing developers to use the " "internal versioning scheme they prefer for their projects." msgstr "" +"これによって、自動化された配布物ツール類が公開されたリリース群の一貫性のある" +"形で正確な順序付けを提供することができる一方、開発者側では依然として自分たち" +"のプロジェクト向けに好みの内部的なバージョン番号枠組みを使うことが許されます" +"。" #: ../source/specifications/version-specifiers.rst:723 msgid "" @@ -25752,6 +25832,12 @@ msgid "" "on other distributions, and when publishing a distribution that others rely " "on." msgstr "" +"`セマンティックバージョニング`_ は、リリース番号の異なる要素の重要性に関して" +"、この仕様以前から慣例として認められた人気のあるバージョン番号の識別の枠組み" +"です。あるプロジェクトがセマンティックバージョニングの詳細を受け入れないこと" +"を選択した場合であっても、他の配布物に依存する時や他のプロジェクトが依存する" +"配布物を公開する時に発生する多くの課題を網羅するためにも、この枠組みは理解し" +"ておくに値します。" #: ../source/specifications/version-specifiers.rst:730 msgid "" @@ -25760,6 +25846,10 @@ msgid "" "specification) are fully compatible with the version scheme defined in this " "specification, and abiding by these aspects is encouraged." msgstr "" +"(2.0.0 仕様の1-8 節の) セマンティックバージョニングの (\"メジャー.マイナー." +"マイクロ\" としてこの仕様に記されている) \"メジャー.マイナー.パッチ\" の形は" +"、この仕様で定義されるバージョン番号枠組みと完全に互換であり、この形を受容す" +"ることが推奨されています。" #: ../source/specifications/version-specifiers.rst:735 msgid "" @@ -25767,6 +25857,10 @@ msgid "" "sign (builds - clause 11) are *not* compatible with this specification and " "are not permitted in the public version field." msgstr "" +"ハイフンを含むセマンティックバージョン (pre-releases - clause 10) " +"やプラス記号を含むセマンティックバージョン (builds - clause 11) は、" +"この仕様と *互換性がなく* " +"、公開のバージョン番号フィールドでは許されていません。" #: ../source/specifications/version-specifiers.rst:739 msgid "" @@ -25774,16 +25868,18 @@ msgid "" "labels to compatible public versions is to use the ``.devN`` suffix to " "specify the appropriate version order." msgstr "" +"ソースラベルに基づいたそのようなセマンティックバージョニングを公開バージョン" +"番号と互換性のあるものに翻訳する可能なメカニズムの一つは、 ``.devN`` " +"接尾辞を使って適切なバージョン番号の順序を指定することです。" #: ../source/specifications/version-specifiers.rst:743 msgid "" "Specific build information may also be included in local version labels." -msgstr "" +msgstr "特定のビルド情報も、ローカルのバージョン番号のラベルに含めても構いません。" #: ../source/specifications/version-specifiers.rst:749 -#, fuzzy msgid "DVCS based version labels" -msgstr "日付ベースのバージョン付与" +msgstr "DVCS に基づいたバージョン番号のラベル" #: ../source/specifications/version-specifiers.rst:751 msgid "" @@ -25792,6 +25888,10 @@ msgid "" "As hashes cannot be ordered reliably such versions are not permitted in the " "public version field." msgstr "" +"多くのビルドツールは、バージョン識別子に識別のためのハッシュ値を付加するため" +"に、 Git や Mercurial のような分散バージョン管理システムを統合しています。ハ" +"ッシュ値は信頼できる形で順序付けすることができないので、そのようなバージョン" +"番号は公開のバージョンフィールドでは許されません。" #: ../source/specifications/version-specifiers.rst:756 msgid "" @@ -25799,16 +25899,19 @@ msgid "" "uniquely identify such releases for publication, while the original DVCS " "based label can be stored in the project metadata." msgstr "" +"セマンティックバージョニングの場合と同様に、元の DVCS ベースのラベルをプロジ" +"ェクトのメタデータに格納することができない一方で、そのようなリリースを公開す" +"る際に一意に識別するために、公開の ``.devN`` 接尾辞をつけても構いません。" #: ../source/specifications/version-specifiers.rst:760 msgid "" "Identifying hash information may also be included in local version labels." -msgstr "" +msgstr "ハッシュ値の情報を識別することは、ローカルのバージョン番号ラベルに含めても構" +"いません。" #: ../source/specifications/version-specifiers.rst:764 -#, fuzzy msgid "Olson database versioning" -msgstr "日付ベースのバージョン付与" +msgstr "Olson データベースによるバージョニング" #: ../source/specifications/version-specifiers.rst:766 msgid "" @@ -25816,6 +25919,9 @@ msgid "" "Olson timezone database versioning scheme: the year followed by a lowercase " "character indicating the version of the database within that year." msgstr "" +"``pytz`` プロジェクトは、バージョニング方法を対応する Olson " +"タイムゾーンデータベースのバージョニング方法から継承しています: 年と、それに" +"後続する小文字の文字でその年の中でのデータベースのバージョンを示すもの。" #: ../source/specifications/version-specifiers.rst:770 msgid "" @@ -25824,46 +25930,53 @@ msgid "" "release) and is incremented with each subsequent database update within the " "year." msgstr "" +"これは、 ``.`` として (訳註、標準に) " +"適合する公開のバージョン識別子に翻訳することができ、そこでは ('' " +"リリースに対して) シリアル番号が0か1から始まって、その年の内にデータベース" +"が更新される度に1づつ増加されます。" #: ../source/specifications/version-specifiers.rst:775 msgid "" "As with other translated version identifiers, the corresponding Olson " "database version could be recorded in the project metadata." msgstr "" +"他の翻訳されたバージョン識別子と同様に、対応する Olson データベースのバージョ" +"ン番号は、そのプロジェクトのメタデータに記録しておくことが可能です。" #: ../source/specifications/version-specifiers.rst:782 msgid "" "A version specifier consists of a series of version clauses, separated by " "commas. For example::" -msgstr "" +msgstr "バージョン指定子は、一連のバージョン番号節をコンマで区切ったものから構成され" +"ます。例えば::" #: ../source/specifications/version-specifiers.rst:787 msgid "The comparison operator determines the kind of version clause:" -msgstr "" +msgstr "比較演算子がバージョン番号節の種類を決定します:" #: ../source/specifications/version-specifiers.rst:789 msgid "``~=``: `Compatible release`_ clause" -msgstr "" +msgstr "``~=``: `互換性のあるリリース `_ 節" #: ../source/specifications/version-specifiers.rst:790 msgid "``==``: `Version matching`_ clause" -msgstr "" +msgstr "``==``: `バージョン番号のマッチング `_ 節" #: ../source/specifications/version-specifiers.rst:791 msgid "``!=``: `Version exclusion`_ clause" -msgstr "" +msgstr "``!=``: `バージョンの除外 `_ 節" #: ../source/specifications/version-specifiers.rst:792 msgid "``<=``, ``>=``: `Inclusive ordered comparison`_ clause" -msgstr "" +msgstr "``<=``, ``>=``: `境界を含む順序比較 `_ 節" #: ../source/specifications/version-specifiers.rst:793 msgid "``<``, ``>``: `Exclusive ordered comparison`_ clause" -msgstr "" +msgstr "``<``, ``>``: `境界を含まない順序比較 `_ 節" #: ../source/specifications/version-specifiers.rst:794 msgid "``===``: `Arbitrary equality`_ clause." -msgstr "" +msgstr "``===``: `あらゆる意味での同一性 `_ clause." #: ../source/specifications/version-specifiers.rst:796 msgid "" @@ -25871,12 +25984,16 @@ msgid "" "version must match all given version clauses in order to match the specifier " "as a whole." msgstr "" +"コンマ (\",\") は、論理 **積** 演算子と同一のものです: 候補バージョン番号は、" +"全体として指定子に合致するために、すべての与えられた節が合致しなければなりま" +"せん。" #: ../source/specifications/version-specifiers.rst:800 msgid "" "Whitespace between a conditional operator and the following version " "identifier is optional, as is the whitespace around the commas." -msgstr "" +msgstr "条件演算子とその後のバージョン識別子の間の空白文字は、コンマの周囲の空白文字" +"と同様にオプションです。" #: ../source/specifications/version-specifiers.rst:803 msgid "" @@ -25886,6 +26003,11 @@ msgid "" "releases are considered as candidate versions SHOULD be handled as described " "in `Handling of pre-releases`_." msgstr "" +"複数の候補バージョンがバージョン識別子に合致する時には、好ましいバージョンは" +"、標準の `バージョン番号枠組み `_ で定義された首尾一貫する順" +"序付けによって決定される最新のバージョンです。プレリリースが候補バージョンだ" +"と見做されるか否かは、 `プレリリースの取り扱い `_ " +"に記述されているとおりに扱われるべきです。" #: ../source/specifications/version-specifiers.rst:809 msgid "" @@ -25893,10 +26015,13 @@ msgid "" "permitted in version specifiers, and local version labels MUST be ignored " "entirely when checking if candidate versions match a given version specifier." msgstr "" +"以下で特に注記される場合を除いて、バージョン指定子内ではローカルバージョン指" +"定子は許されてはならず、あるバージョン指定子に合致する候補バージョンかどうか" +"を調べる際にはローカルバージョンラベルは完全に無視されなければなりません。" #: ../source/specifications/version-specifiers.rst:818 msgid "Compatible release" -msgstr "" +msgstr "互換性のあるリリース " #: ../source/specifications/version-specifiers.rst:820 msgid "" @@ -25904,6 +26029,9 @@ msgid "" "``~=`` and a version identifier. It matches any candidate version that is " "expected to be compatible with the specified version." msgstr "" +"互換性のあるリリース節は、互換リリース演算子 ``~=`` とバージョン識別子から構" +"成されます。指定されたバージョンと互換性があるものと期待されるすべての候補バ" +"ージョンに合致します。" #: ../source/specifications/version-specifiers.rst:824 msgid "" @@ -25911,23 +26039,27 @@ msgid "" "`Version scheme`_. Local version identifiers are NOT permitted in this " "version specifier." msgstr "" +"指定されたバージョン識別子は、 `バージョン番号枠組み Date: Mon, 25 Nov 2024 22:53:51 +0100 Subject: [PATCH 2/4] Translated using Weblate (Chinese (Simplified Han script)) Currently translated at 26.5% (957 of 3600 strings) Co-authored-by: hello_wac Translate-URL: https://hosted.weblate.org/projects/pypa/packaging-python-org/zh_Hans/ Translation: pypa/packaging.python.org --- locales/zh_Hans/LC_MESSAGES/messages.po | 449 ++++++++++++++++++------ 1 file changed, 348 insertions(+), 101 deletions(-) diff --git a/locales/zh_Hans/LC_MESSAGES/messages.po b/locales/zh_Hans/LC_MESSAGES/messages.po index fe5e8bd9e..672d0be7d 100644 --- a/locales/zh_Hans/LC_MESSAGES/messages.po +++ b/locales/zh_Hans/LC_MESSAGES/messages.po @@ -26,14 +26,14 @@ # Thomas , 2023, 2024. # 大王叫我来巡山 , 2024. # Peter Shen , 2024. +# hello_wac , 2024. msgid "" msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-10-30 00:39+0000\n" -"PO-Revision-Date: 2024-09-21 00:40+0000\n" -"Last-Translator: 大王叫我来巡山 \n" +"PO-Revision-Date: 2024-11-12 08:00+0000\n" +"Last-Translator: hello_wac \n" "Language-Team: Chinese (Simplified Han script) \n" "Language: zh_Hans\n" @@ -41,11 +41,11 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 5.8-dev\n" +"X-Generator: Weblate 5.8.2\n" #: ../source/contribute.rst:5 msgid "Contribute to this guide" -msgstr "为指南作贡献" +msgstr "OOp" #: ../source/contribute.rst:7 msgid "" @@ -746,9 +746,8 @@ msgid "Configuration management" msgstr "配置管理" #: ../source/discussions/distribution-package-vs-import-package.rst:5 -#, fuzzy msgid "Distribution package vs. import package" -msgstr "发行版与导入包比较" +msgstr "分发包与导入包比较" #: ../source/discussions/distribution-package-vs-import-package.rst:7 msgid "" @@ -757,6 +756,9 @@ msgid "" "related meanings in Python packaging, \"distribution package\" and \"import " "package\"." msgstr "" +"多个不同的概念通常会用 \"package\" 一词来表示。本页面将澄清 Python " +"打包管理中涉及的两个概念,他们既相关又有不同的含义,以及他们之间的区别,即 " +"\"分发包\"(distribution package)和 \"导入包\"(import package)。" #: ../source/discussions/distribution-package-vs-import-package.rst:13 msgid "What's a distribution package?" @@ -773,6 +775,12 @@ msgid "" "Alternatively, the term \"distribution package\" can be used to refer to a " "specific file that contains a certain version of a project." msgstr "" +"分发包(distribution package)是可安装的一段软件。通常情况下,它与 \"项目\"" +"(project)同义。当你输入 ``pip install pkg`` ,或在 ``pyproject.toml`` " +"文件中写入 ``dependencies = [\"pkg\"]`` 时, ``pkg`` 就是一个分发包的名称。" +"当你在 PyPI_(目前最广为人知的 Python " +"库和工具的集中安装源)上搜索或浏览时,所看到的列表就是分发包的列表。另外," +"\"分发包\" 这个术语也可以用来指代包含项目特定版本的某个文件。" #: ../source/discussions/distribution-package-vs-import-package.rst:24 msgid "" @@ -781,6 +789,9 @@ msgid "" "by the system package manager of the `Linux distribution `_, which " "is a different meaning." msgstr "" +"请注意,在 Linux 领域中,“分发软件包”通常缩写为 “distro package” 或简单称为 " +"“package”,指的是由 ` Linux 发行版 `_ 的系统包管理器提供的内容," +"这与 Python 中的含义不同。" #: ../source/discussions/distribution-package-vs-import-package.rst:31 msgid "What's an import package?" @@ -796,6 +807,12 @@ msgid "" "is a directory on the file system, containing modules as ``.py`` files and " "subpackages as subdirectories." msgstr "" +"导入包(import package)是一个 Python 模块。因此,当你在 Python 代码中编写 ``" +"import pkg`` 或 ``from pkg import func`` 时, ``pkg`` " +"就是导入包的名称。更准确地说,导入包是可以包含子模块的特殊 Python " +"模块。例如, ``numpy`` 包包含像 ``numpy.linalg`` 和 ``numpy.fft`` " +"这样的模块。通常,导入包是文件系统中的一个目录,其中包含作为 ``.py`` " +"文件的模块和作为子目录的子包。" #: ../source/discussions/distribution-package-vs-import-package.rst:42 msgid "" @@ -824,6 +841,10 @@ msgid "" "blindly install the PyPI package ``foo`` if you see ``import foo``; this may " "install an unintended, and potentially even malicious package.)" msgstr "" +"然而,这只是一种约定。PyPI 和其他包索引 **并不强制要求** " +"分发包的名称与其提供的导入包之间存在任何关系。(其结果是,当你看到 ``import " +"foo`` 时,不能盲目地安装 PyPI 包 ``foo`` " +";这样可能会安装一个非预期的,甚至是恶意的包。)" #: ../source/discussions/distribution-package-vs-import-package.rst:59 msgid "" @@ -836,6 +857,11 @@ msgid "" "generally, a fork of an existing library is a common reason for differing " "names between the distribution package and the import package." msgstr "" +"一个分发包可以提供一个名称不同的导入包。一个例子是广受欢迎的图像处理库 " +"Pillow_ 。它的分发包名称是 ``Pillow``,但它提供的导入包名称是 " +"``PIL``。这是出于历史原因:Pillow 最初是 PIL 库的一个分支,因此它保留了 " +"``PIL`` 作为导入名称,以便现有的 PIL 用户可以轻松切换到 Pillow " +"。更普遍来说,现有库的分支是导致分发包和导入包名称不同的常见原因。" #: ../source/discussions/distribution-package-vs-import-package.rst:69 msgid "" @@ -844,6 +870,9 @@ msgid "" "packages with the same name can be provided by several distribution " "packages. Again, forks are a common reason for this." msgstr "" +"在特定的包索引(如 PyPI)上,分发包名称必须是唯一的。另一方面,导入包则没有这种" +"要求。多个分发包可以提供同名的导入包。同样地,分支(fork)是导致这种情况的常" +"见原因。" #: ../source/discussions/distribution-package-vs-import-package.rst:74 msgid "" @@ -852,10 +881,13 @@ msgid "" "which provides both an ``attrs`` import package with a newer API, and an " "``attr`` import package with an older but supported API." msgstr "" +"相反,一个分发包也可以提供多个导入包,尽管这种情况较为少见。一个例子是 " +"attrs_ 分发包,它提供了一个带有较新 API 的 ``attrs`` 导入包," +"以及一个较旧但仍受支持的 ``attr`` 导入包。" #: ../source/discussions/distribution-package-vs-import-package.rst:81 msgid "How do distribution package names and import package names compare?" -msgstr "" +msgstr "分发包名称和导入包名称如何比较?" #: ../source/discussions/distribution-package-vs-import-package.rst:83 msgid "" @@ -864,6 +896,9 @@ msgid "" "[#non-identifier-mod-name]_. In particular, they use underscores ``_`` as " "word separator and they are case-sensitive." msgstr "" +"导入包的名称应为有效的 Python 标识符(具体规则可以在 Python " +"文档中找到::ref:``)[#non-identifier-mod-name]_ " +"。特别地,它们使用下划线 ``_`` 作为单词分隔符,并且区分大小写。" #: ../source/discussions/distribution-package-vs-import-package.rst:88 msgid "" @@ -875,6 +910,11 @@ msgid "" "``pip install awesome-package`` (the precise rules are given in the :ref:" "`name normalization specification `)." msgstr "" +"另一方面,分发包可以使用连字符 ``-`` 或下划线 ``_`` 。它们还可以包含点号 " +"``.`` ,这有时用于打包 :ref:`命名空间包` " +"的子包。对于大多数用途,它们对大小写和 ``-`` 与 ``_`` 的区别不敏感,例如, ``" +"pip install Awesome_Package`` 和 ``pip install awesome-package`` 是相同的(" +"具体规则可以在 ```` 名称规范中找到)。" #: ../source/discussions/distribution-package-vs-import-package.rst:101 msgid "" @@ -882,6 +922,8 @@ msgid "" "have a valid Python identifier as their name, using :doc:`importlib `, this is vanishingly rare and strongly discouraged." msgstr "" +"尽管从技术上讲,通过使用 :doc:`importlib ` " +"可以导入名称不是有效 Python 标识符的包/模块,但这种情况极为罕见且强烈不推荐。" #: ../source/discussions/index.rst:4 msgid "" @@ -935,8 +977,8 @@ msgid "" "breaks the compatibility of your project with v2 of 'A' and later, so it " "makes sense to not allow v2:" msgstr "" -"项目A在v2版本中添加了一个改变,该改变将打破你项目向后的兼容性,所以排除v2版本" -"是合理的:" +"也可以了解到,项目 'A' 在其 v2 版本中引入了一个更改,破坏了你的项目与 'A' 的 " +"v2 及以后的版本的兼容性,因此不允许使用 v2 是有意义的:" #: ../source/discussions/install-requires-vs-requirements.rst:49 msgid "" @@ -1025,15 +1067,14 @@ msgstr "" "caremad.io/posts/2013/07/setup-vs-requirement/ 。" #: ../source/discussions/package-formats.rst:5 -#, fuzzy msgid "Package Formats" -msgstr "上传软件包" +msgstr "包的格式" #: ../source/discussions/package-formats.rst:7 msgid "" "This page discusses the file formats that are used to distribute Python " "packages and the differences between them." -msgstr "" +msgstr "本页讨论了用于分发 Python 包的文件格式及其之间的区别。" #: ../source/discussions/package-formats.rst:10 msgid "" @@ -1046,11 +1087,16 @@ msgid "" "publishing a package on PyPI (or elsewhere), you should always upload both " "an sdist and one or more wheel." msgstr "" +"在像 PyPI_ 这样的包索引中,你会找到两种格式的文件:**源代码分发包**(简称 " +"**sdists**)和 **二进制分发包**,通常称为 **wheels**。例如,`PyPI 上的 pip " +"23.3.1 页面 `_ 允许你下载两个文件,``pip-23.3.1.tar.gz`` 和 " +"``pip-23.3.1-py3-none-any.whl``。前者是一个 sdist,后者是一个 " +"wheel。如下面所解释的,这两者有不同的用途。当在 PyPI(或其他地方)发布包时," +"你应该始终上传一个 sdist 和一个或多个 wheel 文件。" #: ../source/discussions/package-formats.rst:21 -#, fuzzy msgid "What is a source distribution?" -msgstr "什么是分发包?" +msgstr "什么是源分发?" #: ../source/discussions/package-formats.rst:23 msgid "" @@ -1062,6 +1108,11 @@ msgid "" "INFO`` file follows the format specified in :ref:`core-metadata` and is not " "intended to be written by hand [#core-metadata-format]_." msgstr "" +"从概念上讲,源代码分发包是原始形式的源代码归档。具体来说,sdist 是一个 ``.tar" +".gz`` 压缩包,包含源代码以及一个额外的特殊文件 ``PKG-INFO`` ,该文件存储项目" +"的元数据。这个文件的存在帮助打包工具提高效率,因为它不需要自己计算元数据。 " +"``PKG-INFO`` 文件遵循 :ref:`core-metadata` 中规定的格式,并不打算手动编写 " +"[#core-metadata-format]_ 。" #: ../source/discussions/package-formats.rst:31 msgid "" @@ -1070,6 +1121,10 @@ msgid "" "(like Linux and macOS), or :ref:`the command line interface of Python's " "tarfile module ` on any platform." msgstr "" +"因此,你可以通过使用标准的工具解压缩 sdist 来检查其内容,这些工具用于处理 " +"tar 归档文件,例如在 UNIX 平台(如 Linux 和 macOS)上使用 ``tar -xvf`` ," +"或者在任何平台上使用 :ref:`Python tarfile 模块的命令行界面 ` 。" #: ../source/discussions/package-formats.rst:36 msgid "" @@ -1081,28 +1136,38 @@ msgid "" "Homebrew and MacPorts on macOS, ...), who, for various reasons, may prefer " "them over, e.g., pulling from a Git repository." msgstr "" +"Sdists 在打包生态系统中有多个用途。当标准的 Python 包安装工具 :ref:`pip` " +"无法找到要安装的 wheel 时,它会回退到下载源代码分发包,从中编译一个 wheel " +"并安装这个 wheel。此外,sdists 经常作为下游打包者(如 Linux 发行版、Conda、" +"macOS 上的 Homebrew 和 MacPorts " +"等)的包源,因为各种原因,他们可能会更倾向于使用源代码分发包,而不是例如从 " +"Git 仓库中拉取代码。" #: ../source/discussions/package-formats.rst:44 msgid "" "A source distribution is recognized by its file name, which has the form :" "samp:`{package_name}-{version}.tar.gz`, e.g., ``pip-23.3.1.tar.gz``." msgstr "" +"源分发通过其文件名识别,其格式为: :samp:`{package_name}-{version}.tar.gz`," +"例如 ``pip-23.3.1.tar.gz`` 。" #: ../source/discussions/package-formats.rst:50 msgid "" "If you want technical details on the sdist format, read the :ref:`sdist " "specification `." msgstr "" +"如果您需要有关 sdist 格式的技术细节,请阅读: :ref:`sdist 规范 ` 。" #: ../source/discussions/package-formats.rst:55 msgid "What is a wheel?" -msgstr "" +msgstr "什么是 wheel ?" #: ../source/discussions/package-formats.rst:57 msgid "" "Conceptually, a wheel contains exactly the files that need to be copied when " "installing the package." -msgstr "" +msgstr "从概念上讲,wheel 包含在安装包时所需要复制的文件。" #: ../source/discussions/package-formats.rst:60 msgid "" @@ -1113,6 +1178,11 @@ msgid "" "files) but compiled, executable code (like ``.so`` files on Linux or DLLs on " "Windows)." msgstr "" +"对于包含 :term:`扩展模块 ` 的包(这些模块用 C、C++ 和 Rust " +"等编译语言编写,需要编译成平台相关的机器代码),sdists 和 wheels " +"之间存在很大区别。对于这些包,wheels 不包含源代码(如 C " +"源文件),而是包含已编译的可执行代码(例如 Linux 上的 ``.so`` 文件或 Windows " +"上的 DLL 文件)。" #: ../source/discussions/package-formats.rst:66 msgid "" @@ -1123,6 +1193,10 @@ msgid "" "Python interpreter (unless the :ref:`Python stable ABI ` " "is used)." msgstr "" +"此外,虽然每个版本的项目只有一个 sdist,但可能有多个 wheels。同样,这在扩展模" +"块的上下文中最为相关。扩展模块的编译代码与操作系统和处理器架构相关,通常还与 " +"Python 解释器的版本相关(除非使用 :ref:`Python 稳定 ABI `" +" )。" #: ../source/discussions/package-formats.rst:72 msgid "" @@ -1131,6 +1205,9 @@ msgid "" "versions. Python is an interpreted language, which does not need ahead-of-" "time compilation, so wheels contain ``.py`` files just like sdists." msgstr "" +"对于纯 Python 包,sdists 和 wheels 之间的区别较小。通常情况下,所有平台和 " +"Python 版本共享一个单一的 wheel。Python 是一种解释型语言,不需要预编译,因此 " +"wheels 和 sdists 一样,包含 ``.py`` 文件。" #: ../source/discussions/package-formats.rst:77 msgid "" @@ -1140,6 +1217,10 @@ msgid "" "Python version instead of one single wheel. Instead, installers like :ref:" "`pip` generate them while installing the package." msgstr "" +"如果你对 ``.pyc`` 字节码文件有所疑问:它们不包含在 wheels " +"中,因为生成它们的成本很低,而且包含它们会不必要地迫使大量包为每个 Python " +"版本分发一个 wheel,而不是一个单一的 wheel。相反,像 :ref:`pip` " +"这样的安装工具会在安装包时生成这些文件。" #: ../source/discussions/package-formats.rst:83 msgid "" @@ -1152,6 +1233,11 @@ msgid "" "along with a hash of their content, as a safety check of the download's " "integrity." msgstr "" +"尽管如此,即使对于纯 Python 项目,sdists 和 wheels 之间仍然存在重要的区别。" +"Wheels 的目的是包含要安装的内容,并且不包含其他内容。特别是,wheels " +"不应包含测试和文档,而 sdists 通常会包含这些。此外,wheel 格式比 sdist " +"更复杂。例如,它包含一个特殊文件—— ``RECORD`` ,该文件列出了 wheel " +"中的所有文件及其内容的哈希值,用作下载完整性的安全检查。" #: ../source/discussions/package-formats.rst:91 msgid "" @@ -1166,6 +1252,13 @@ msgid "" "for your users, since a wheel is directly installable. By only including " "files that must be installed, wheels also make for smaller downloads." msgstr "" +"乍一看,你可能会想,\"纯粹的基础\" Python 项目是否真的需要 wheels。请记住," +"由于 sdists 的灵活性,像 pip 这样的安装工具不能直接从 sdists 安装——" +"它们需要首先通过调用 sdist 指定的 :term:`build backend` 来构建一个 wheel(" +"构建后端在构建 wheel 时可能会执行各种转换,例如编译 C 扩展)。因此,即使是纯 " +"Python 项目,你也应该始终将 *sdist* 和 *wheel* 都上传到 PyPI " +"或其他包索引。这会使你的用户安装速度更快,因为 wheel " +"可以直接安装。通过只包含必须安装的文件,wheels 也使得下载文件更小。" #: ../source/discussions/package-formats.rst:102 msgid "" @@ -1176,6 +1269,11 @@ msgid "" "interface of Python's zipfile module `. This can " "be very useful to check that the wheel includes all the files you need it to." msgstr "" +"在技术层面上,wheel 是一个 ZIP 归档文件(与 sdist 的 TAR 归档文件不同)。" +"你可以通过像处理普通 ZIP 归档文件一样解压它来检查其内容,例如,在 Linux 和 " +"macOS 等 UNIX 平台上使用 ``unzip`` ,在 Windows 上使用 Powershell 的 " +"``Expand-Archive`` ,或使用 :ref:`Python zipfile 模块的命令行界面 ` 。这对于检查 wheel 是否包含你需要的所有文件非常有用。" #: ../source/discussions/package-formats.rst:109 msgid "" @@ -1185,6 +1283,10 @@ msgid "" "equivalent of ``PKG-INFO`` in sdists, as well as ``RECORD``. This can be " "useful to ensure no files are missing from your wheels." msgstr "" +"在 wheel 中,你会找到包的文件,以及一个名为 :samp:`{package_name}-{version" +"}.dist-info` 的额外目录。该目录包含多个文件,其中包括 ``METADATA`` 文件," +"它相当于 sdist 中的 ``PKG-INFO`` ,以及 ``RECORD`` 文件。这对于确保你的 " +"wheel 中没有缺失文件非常有用。" #: ../source/discussions/package-formats.rst:115 msgid "" @@ -1194,6 +1296,10 @@ msgid "" "the wheel is compatible with. For example, the name ``pip-23.3.1-py3-none-" "any.whl`` means that:" msgstr "" +"一个 wheel 的文件名(忽略一些很少使用的特性)看起来是这样的: " +":samp:`{package_name}-{version}-{python_tag}-{abi_tag}-{platform_tag}.whl`。" +"这种命名约定用于标识 wheel 与哪些平台和 Python 版本兼容。例如,文件名 " +"``pip-23.3.1-py3-none-any.whl`` 意味着:" #: ../source/discussions/package-formats.rst:121 msgid "" @@ -1201,31 +1307,35 @@ msgid "" "whether CPython, the most widely used Python implementation, or an " "alternative implementation like PyPy_;" msgstr "" +"( ``py3`` )这个 wheel 可以安装在任何 Python 3 的实现上,无论是最广泛使用的 " +"Python 实现 CPython,还是像 PyPy_ 这样的替代实现;" #: ../source/discussions/package-formats.rst:124 msgid "(``none``) It does not depend on the Python version;" -msgstr "" +msgstr "( ``none`` ) 不依赖于 Python 版本;" #: ../source/discussions/package-formats.rst:125 msgid "(``any``) It does not depend on the platform." -msgstr "" +msgstr "(``any``) 它不依赖于任何平台。" #: ../source/discussions/package-formats.rst:127 msgid "" "The pattern ``py3-none-any`` is common for pure Python projects. Packages " "with extension modules typically ship multiple wheels with more complex tags." -msgstr "" +msgstr "``py3-none-any`` 这个模式通常用于纯 Python 项目。" +"包含扩展模块的包通常会提供多个具有更复杂标签的 wheels 。" #: ../source/discussions/package-formats.rst:130 msgid "" "All technical details on the wheel format can be found in the :ref:`wheel " "specification `." msgstr "" +"有关 wheel 格式的所有技术细节均可在: :ref:`wheel 规范 ` 中找到。" #: ../source/discussions/package-formats.rst:138 -#, fuzzy msgid "What about eggs?" -msgstr "那其他命令呢?" +msgstr "那么 eggs 格式呢?" #: ../source/discussions/package-formats.rst:140 msgid "" @@ -1233,23 +1343,22 @@ msgid "" "format. It should not be used anymore. Since August 2023, PyPI `rejects egg " "uploads `_." msgstr "" +"\"Egg\" 是一种旧的包格式,已经被 wheel 格式取代。现在不应再使用它。从 2023 " +"年 8 月起,PyPI 已经 `拒绝上传 egg 格式包 `_ 。" #: ../source/discussions/package-formats.rst:144 -#, fuzzy msgid "Here's a breakdown of the important differences between wheel and egg." msgstr "下面是关于 :term:`Wheel` 和 :term:`Egg` 之间的重要区别。" #: ../source/discussions/package-formats.rst:146 -#, fuzzy msgid "" "The egg format was introduced by :ref:`setuptools` in 2004, whereas the " "wheel format was introduced by :pep:`427` in 2012." msgstr "" -":term:`Egg` 格式是由 :ref:`setuptools` 在2004年引入的,而 :term:`Wheel` 格式" -"是由 :pep:`427` 在2012年引入。" +":term:`Egg` 格式是由 :ref:`setuptools` 在2004年引入的,而 :term:`Wheel` " +"格式是由 :pep:`427` 在2012年引入。" #: ../source/discussions/package-formats.rst:149 -#, fuzzy msgid "" "Wheel has an :doc:`official standard specification `. Egg did not." @@ -1258,19 +1367,17 @@ msgstr "" "format>`,而 :term:`Egg` 没有。" #: ../source/discussions/package-formats.rst:152 -#, fuzzy msgid "" "Wheel is a :term:`distribution ` format, i.e a " "packaging format. [#wheel-importable]_ Egg was both a distribution format " "and a runtime installation format (if left zipped), and was designed to be " "importable." msgstr "" -":term:`Wheel`是一种 :term:`distribution `格式,也就是一" -"种打包格式。[1]_ :term:`Egg`既是一种发行格式,也是一种运行时的安装格式(如果" -"留下压缩包),并被设计为可导入。" +":term:`Wheel`是一种 :term:`分发 `格式,也就是一种打包格式。 [1]_ :term:`Egg` 既是一种发行格式,也是一" +"种运行时的安装格式(如果留下压缩包),并被设计为可导入。" #: ../source/discussions/package-formats.rst:156 -#, fuzzy msgid "" "Wheel archives do not include ``.pyc`` files. Therefore, when the " "distribution only contains Python files (i.e. no compiled extensions), and " @@ -1278,40 +1385,36 @@ msgid "" "\"universal\", similar to an :term:`sdist `." msgstr "" -":term:`Wheel`档案不包括 .pyc 文件。因此,当发行版只包含 Python 文件(即没有编" -"译的扩展),并且与 Python 2 和 3 兼容时,wheel 有可能是 「通用」的,类似于 :" -"term:`sdist `。" +":term:`Wheel`格式不包括 ``.pyc`` 文件。因此,当发行版只包含 Python " +"文件(即没有编译的扩展),并且与 Python 2 和 3 兼容时,wheel 有可能是 " +"「通用」的,类似于 :term:`sdist ` " +"(源分发)。" #: ../source/discussions/package-formats.rst:161 -#, fuzzy msgid "" "Wheel uses standard :ref:`.dist-info directories `. Egg used ``.egg-info``." msgstr "" -":term:`Wheel` 使用 :pep:`PEP376-compliant <376>```.dist-info`` 目录。 Egg 使" -"用 ``.egg-info`` 。" +"Wheel 使用标准 :ref:`.dist-info 目录 ` 。Egg " +"使用 ``.egg-info`` 。" #: ../source/discussions/package-formats.rst:164 -#, fuzzy msgid "" "Wheel has a :ref:`richer file naming convention `. A " "single wheel archive can indicate its compatibility with a number of Python " "language versions and implementations, ABIs, and system architectures." msgstr "" -":term:`Wheel`有一个 :pep:`更丰富的文件命名约定 <425>`。一个单一的 wheel 档案" -"可以表明它与许多 Python 语言版本和工具、ABI 以及系统架构的兼容性。" +":term:`Wheel`有一个 :pep:`更丰富的文件命名约定 <425>`。一个单一的 wheel " +"档案可以表明它与许多 Python 语言版本和工具、ABI 以及系统架构的兼容性。" #: ../source/discussions/package-formats.rst:168 -#, fuzzy msgid "" "Wheel is versioned. Every wheel file contains the version of the wheel " "specification and the implementation that packaged it." -msgstr "" -":term:`Wheel`是有版本的。每个 wheel 文件都包含 wheel 规范的版本和包装它的工" -"具。" +msgstr ":term:`Wheel` 是有版本的。每个 wheel 文件都包含 wheel " +"规范的版本和包装它的工具。" #: ../source/discussions/package-formats.rst:171 -#, fuzzy msgid "" "Wheel is internally organized by `sysconfig path type `_, therefore making it " @@ -1329,6 +1432,10 @@ msgid "" "backend, typically ``[project]`` in ``pyproject.toml``, and translated by " "the build backend into ``PKG-INFO``." msgstr "" +"该格式是基于电子邮件的。尽管今天不太可能选择这种格式,但出于向后兼容性考虑," +"它仍然作为规范格式保留下来。从用户的角度来看,这通常是不可见的,因为元数据是" +"以构建后端可以理解的方式由用户指定的,通常是在 ``pyproject.toml`` 中的 " +"``[project]`` 部分,并由构建后端转换为 ``PKG-INFO`` 文件。" #: ../source/discussions/package-formats.rst:184 msgid "" @@ -1336,8 +1443,8 @@ msgid "" "format, although :ref:`this is not officially supported at this time `." msgstr "" -"在某些情况下,wheels 可用作可导入的运行时格式,尽管 :ref:` 目前官方并不支持 " -" `。" +"在某些情况下,wheels 可以作为可导入的运行时格式使用,尽管 :ref:`" +"目前官方并不支持这种用法 ` 。" #: ../source/discussions/pip-vs-easy-install.rst:6 msgid "pip vs easy_install" @@ -1513,6 +1620,10 @@ msgid "" "example (a similar practice is used by other tools like *nox* and its :file:" "`noxfile.py` configuration file, or *pytest* and :file:`conftest.py`)." msgstr "" +"Setuptools 完全可以作为打包 Python 项目的 :term:`构建后端` 使用。而 " +":file:`setup.py` 是一个有效的 :ref:`setuptools` 配置文件,它恰好是用 Python " +"编写的,而不是使用 *TOML* (例如,其他工具如 *nox* 及其 :file:`noxfile.py` " +"配置文件,或 *pytest* 及其 :file:`conftest.py` 文件也采用类似做法)。" #: ../source/discussions/setup-py-deprecated.rst:18 msgid "" @@ -1557,7 +1668,7 @@ msgstr "相反,应该使用什么命令?" #: ../source/discussions/setup-py-deprecated.rst:33 #: ../source/guides/modernize-setup-py-project.rst:30 msgid "Deprecated" -msgstr "废弃" +msgstr "弃用" #: ../source/discussions/setup-py-deprecated.rst:33 #: ../source/guides/modernize-setup-py-project.rst:30 @@ -1585,6 +1696,9 @@ msgid "" "what ``python -m build`` does. If necessary the ``--sdist`` and ``--wheel`` " "options can be used to generate only one or the other." msgstr "" +"这需要 :ref:`build` 依赖项。建议始终构建并发布项目的源代码分发包和 wheel," +"这正是 ``python -m build`` 所做的。如果需要,可以使用 ``--sdist`` 和 " +"``--wheel`` 选项仅生成其中之一。" #: ../source/discussions/setup-py-deprecated.rst:52 msgid "" @@ -1597,6 +1711,13 @@ msgid "" "on the local filesystem as argument to its ``install`` sub-command. So this " "would also be a valid command: ``python -m pip install path/to/project``." msgstr "" +"为了安装基于 setuptools 的项目,过去通常会运行 :file:`setup.py` 的 " +"``install`` 命令,例如: ``python setup.py install`` 。如今," +"推荐的方法是直接使用 :ref:`pip` , 命令如下: ``python -m pip install .`` 。" +"其中点号 ``.`` 实际上是一个文件系统路径,表示当前目录的路径符号。实际上, " +"*pip* 接受本地文件系统上项目源代码目录的路径作为其 ``install`` " +"子命令的参数。因此,以下命令也是有效的: ``python -m pip install path/to/" +"project`` 。" #: ../source/discussions/setup-py-deprecated.rst:65 msgid "" @@ -1604,6 +1725,9 @@ msgid "" "``python setup.py develop`` one can use the ``--editable`` option of pip's " "*install* sub-command: ``python -m pip install --editable .``." msgstr "" +"至于 *develop* 模式,也就是 *editable* 模式的安装,除了使用 ``python " +"setup.py develop`` ,还可以使用 pip 的 *install* 子命令的 ``--editable`` " +"选项: ``python -m pip install --editable .`` 。" #: ../source/discussions/setup-py-deprecated.rst:70 msgid "" @@ -1615,6 +1739,11 @@ msgid "" "generate only one or the other. Note that the build tool needs to be " "installed separately." msgstr "" +"构建 :term:`源代码分发包 ` 和 :term:`" +"wheels ` 的一种推荐、简单且直接的方法是使用 :ref:`build` " +"工具,命令如下: ``python -m " +"build``,该命令会触发生成这两种分发格式。如果需要,可以使用 ``--sdist`` 和 " +"``--wheel`` 选项仅生成其中之一。请注意,build 工具需要单独安装。" #: ../source/discussions/setup-py-deprecated.rst:80 msgid "" @@ -1669,6 +1798,8 @@ msgid "" "But might be necessary on other :term:`package indexes ` (for " "example :ref:`devpi`)." msgstr "" +"在 :term:`PyPI ` 上不必要,也不被支持。但在其他 " +":term:`包索引 ` 上可能是必要的(例如 :ref:`devpi` )。" #: ../source/discussions/setup-py-deprecated.rst:112 msgid "``python setup.py --version``" @@ -1677,7 +1808,7 @@ msgstr "``python setup.py --version``" #: ../source/discussions/setup-py-deprecated.rst:114 msgid "" "A possible replacement solution (among others) is to rely on setuptools-scm_:" -msgstr "" +msgstr "一种可能的替代解决方案(除其他外)是依赖 setuptools-scm_ :" #: ../source/discussions/setup-py-deprecated.rst:116 msgid "``python -m setuptools_scm``" @@ -1806,7 +1937,7 @@ msgstr "" #: ../source/discussions/setup-py-deprecated.rst:166 msgid "What about custom build steps?" -msgstr "" +msgstr "自定义构建步骤要怎么做?" #: ../source/discussions/setup-py-deprecated.rst:168 msgid "" @@ -1814,6 +1945,9 @@ msgid "" "``build_py``, ``build_ext``, and ``bdist_wheel`` or add new build steps are " "not deprecated. Those will be automatically called as expected." msgstr "" +"自定义构建步骤,例如覆盖现有步骤(如 ``build_py`` 、 ``build_ext`` 和 " +"``bdist_wheel`` " +")或添加新的构建步骤,并没有被弃用。这些步骤将会按预期自动调用。" #: ../source/discussions/setup-py-deprecated.rst:175 #: ../source/guides/modernize-setup-py-project.rst:21 @@ -1854,16 +1988,19 @@ msgid "" "table is to assume that the :term:`build backend ` is " "setuptools." msgstr "" +"在没有 :file:`pyproject.toml` 文件及其 ``[build-system]`` 表的情况下, " +":term:`构建前端 ` 的标准回退行为是默认假设 :term:`构建后端 " +"` 是 setuptools。" #: ../source/discussions/setup-py-deprecated.rst:204 msgid "Why? What does it all mean?" -msgstr "" +msgstr "为什么?这一切意味着什么?" #: ../source/discussions/setup-py-deprecated.rst:206 msgid "" "One way to look at it is that the scope of setuptools has now been reduced " "to the role of a build backend." -msgstr "" +msgstr "一种看法是,setuptools 的作用范围现在已被缩小至构建后端的角色。" #: ../source/discussions/setup-py-deprecated.rst:211 #: ../source/guides/modernize-setup-py-project.rst:244 @@ -1880,17 +2017,15 @@ msgstr ":doc:`setuptools:deprecated/commands`" #: ../source/discussions/single-source-version.rst:5 msgid "Single-sourcing the Project Version" -msgstr "" +msgstr "单一来源项目版本" #: ../source/discussions/single-source-version.rst:7 -#, fuzzy msgid "Complete" -msgstr "不完全" +msgstr "完成" #: ../source/discussions/single-source-version.rst:8 -#, fuzzy msgid "2024-10-07" -msgstr "2021-8-24" +msgstr "2024-10-07" #: ../source/discussions/single-source-version.rst:10 msgid "" @@ -1900,41 +2035,49 @@ msgid "" "same version specifier as :func:`importlib.metadata.version` reports for the " "distribution package (as described in :ref:`runtime-version-access`)." msgstr "" +"许多 Python :term:`分发包 ` 发布一个单一的 Python " +":term:`导入包 ` ,在这种情况下,希望导入包上的运行时 " +"``__version__`` 属性报告与 :func:`importlib.metadata.version` " +"为分发包报告的相同版本说明符(如 :ref:`运行时版本访问 ` 中所述)。" #: ../source/discussions/single-source-version.rst:16 msgid "" "It is also frequently desired that this version information be derived from " "a version control system *tag* (such as ``v1.2.3``) rather than being " "manually updated in the source code." -msgstr "" +msgstr "此外,通常希望该版本信息是从版本控制系统的 *标签* (如 ``v1.2.3`` " +")中派生的,而不是手动在源代码中更新。" #: ../source/discussions/single-source-version.rst:20 msgid "" "Some projects may choose to simply live with the data entry duplication, and " "rely on automated testing to ensure the different values do not diverge." -msgstr "" +msgstr "一些项目可能选择容忍数据输入的重复,并依赖自动化测试来确保不同的值不会出现偏" +"差。" #: ../source/discussions/single-source-version.rst:23 msgid "" "Alternatively, a project's chosen build system may offer a way to define a " "single source of truth for the version number." -msgstr "" +msgstr "另外,项目选择的构建系统可能提供一种方法来定义版本号的单一权威来源。" #: ../source/discussions/single-source-version.rst:26 msgid "In general, the options are:" -msgstr "" +msgstr "一般而言,选项包括:" #: ../source/discussions/single-source-version.rst:28 msgid "" "If the code is in a version control system (VCS), such as Git, then the " "version can be extracted from the VCS." -msgstr "" +msgstr "如果代码位于版本控制系统 (VCS)(例如 Git)中,则可以从 VCS 中提取版本。" #: ../source/discussions/single-source-version.rst:30 msgid "" "The version can be hard-coded into the :file:`pyproject.toml` file -- and " "the build system can copy it into other locations it may be required." -msgstr "" +msgstr "该版本可以硬编码到: :file:`pyproject.toml` " +"文件中——并且构建系统可以将其复制到可能需要的其他位置。" #: ../source/discussions/single-source-version.rst:33 msgid "" @@ -1944,10 +2087,14 @@ msgid "" "attribute in a particular module, such as :file:`__init__.py`. The build " "system can then extract it from the runtime location at build time." msgstr "" +"版本字符串可以被硬编码到源代码中——可以是在一个特殊用途的文件中,例如 " +":file:`_version.txt`(该文件必须作为项目源代码分发包的一部分进行发布),或者" +"作为特定模块中的一个属性,例如 :file:`__init__.py` " +"。构建系统随后可以在构建时从运行时位置提取它。" #: ../source/discussions/single-source-version.rst:38 msgid "Consult your build system's documentation for their recommended method." -msgstr "" +msgstr "请查阅您的构建系统文档以了解其推荐的方法。" #: ../source/discussions/single-source-version.rst:40 msgid "" @@ -1957,40 +2104,48 @@ msgid "" "``importlib.metadata.version(\"dist-name\")`` report the same value (note: " "for many projects, ``import_name`` and ``dist-name`` will be the same name)." msgstr "" +"当目标是让分发包及其关联的导入包共享相同的版本时,建议项目包括一个自动化测试" +"用例,确保 ``import_name.__version__`` 和 ``importlib.metadata.version" +"(\"dist-name\")`` 报告相同的值(注意:对于许多项目, ``import_name`` 和 " +"``dist-name`` 将是相同的名称)。" #: ../source/discussions/single-source-version.rst:50 msgid "Build System Version Handling" -msgstr "" +msgstr "构建系统版本处理" #: ../source/discussions/single-source-version.rst:52 msgid "" "The following are links to some build system's documentation for handling " "version strings." -msgstr "" +msgstr "以下是一些用于处理版本字符串的构建系统文档的链接。" #: ../source/discussions/single-source-version.rst:54 msgid "`Flit `_" -msgstr "" +msgstr "`Flit 分发 `_" #: ../source/discussions/single-source-version.rst:56 -#, fuzzy msgid "`Hatchling `_" -msgstr "`Apache `_" +msgstr "`Hatchling 项目管理器 `_" #: ../source/discussions/single-source-version.rst:58 msgid "" "`PDM `_" msgstr "" +"`PDM `_" #: ../source/discussions/single-source-version.rst:60 msgid "" "`Setuptools `_" msgstr "" +"`Setuptools 工具 `_" #: ../source/discussions/single-source-version.rst:62 msgid "`setuptools_scm `_" msgstr "" +"`setuptools_scm 提取 Python 包版本 `_" #: ../source/discussions/src-layout-vs-flat-layout.rst:5 msgid "src layout vs flat layout" @@ -2035,6 +2190,9 @@ msgid "" "` is used for development and a " "regular installation is used for testing)." msgstr "" +"这意味着 `src` 布局在项目的开发工作流程中涉及一个额外的步骤(通常," +"在开发中使用 :doc:`可编辑安装 ` " +",在测试中使用常规安装)。" #: ../source/discussions/src-layout-vs-flat-layout.rst:56 msgid "" @@ -2071,6 +2229,8 @@ msgid "" "userguide/development_mode>` is only able to import files that were meant to " "be importable." msgstr "" +"`src` 布局有助于确保 :doc:`可编辑安装 ` 仅能导入那些本应可导入的文件。" #: ../source/discussions/src-layout-vs-flat-layout.rst:74 msgid "" @@ -2078,6 +2238,8 @@ msgid "" "using a `path configuration file `_ that adds the directory to the import path." msgstr "" +"当可编辑安装使用 `路径配置文件 `_ 来实现并将目录添加到导入路径时,这一点尤为重要。" #: ../source/discussions/src-layout-vs-flat-layout.rst:78 msgid "" @@ -2086,10 +2248,13 @@ msgid "" "``noxfile.py``) on the import path. This would make certain imports work in " "editable installations but not regular installations." msgstr "" +"扁平布局会将其他项目文件(例如: ``README.md`` 、 ``tox.ini`` " +")和打包/工具配置文件(例如: ``setup.py`` 、 ``noxfile.py`` " +")添加到导入路径。这会使某些导入在可编辑安装中工作,但在常规安装中无法工作。" #: ../source/discussions/src-layout-vs-flat-layout.rst:86 msgid "Running a command-line interface from source with src-layout" -msgstr "" +msgstr "从源代码使用 `src` 布局中运行命令行界面" #: ../source/discussions/src-layout-vs-flat-layout.rst:88 msgid "" @@ -2101,6 +2266,11 @@ msgid "" "the package folder to Python's :py:data:`sys.path` when called via its :" "file:`__main__.py` file:" msgstr "" +"由于前述的 `src` 布局的特点,命令行界面不能直接从 :term:`源代码树 ` 运行,而需要将包安装为 :doc:`开发模式 ` 以便进行测试。由于在某些情况下这可能不太实际," +"一个解决方法是在通过其 :file:`__main__.py` 文件调用时,将包文件夹添加到 " +"Python 的 :py:data:`sys.path` 中:" #: ../source/discussions/versioning.rst:6 #: ../source/specifications/simple-repository-api.rst:310 @@ -2109,7 +2279,7 @@ msgstr "版本" #: ../source/discussions/versioning.rst:8 msgid "This discussion covers all aspects of versioning Python packages." -msgstr "" +msgstr "本讨论涵盖了 Python 包版本控制的所有方面。" #: ../source/discussions/versioning.rst:12 msgid "Valid version numbers" @@ -2124,10 +2294,14 @@ msgid "" "`specification of version specifiers `. Here are some " "examples of version numbers [#version-examples]_:" msgstr "" +"不同的 Python 项目可能根据各自的需求使用不同的版本控制方案,但为了与像 " +":ref:`pip` 这样的工具兼容,所有这些项目都需要遵循一个灵活的版本标识符格式," +"权威参考是 :ref:`版本规范说明 ` 。以下是一些版本号的示例 " +"[#version-examples]_ :" #: ../source/discussions/versioning.rst:21 msgid "A simple version (final release): ``1.2.0``" -msgstr "" +msgstr "简单版本(最终版本): ``1.2.0``" #: ../source/discussions/versioning.rst:22 msgid "A development release: ``1.2.0.dev1``" @@ -2135,37 +2309,37 @@ msgstr "开发版本:``1.2.0.dev1``" #: ../source/discussions/versioning.rst:23 msgid "An alpha release: ``1.2.0a1``" -msgstr "" +msgstr "alpha 版本: ``1.2.0a1``" #: ../source/discussions/versioning.rst:24 msgid "A beta release: ``1.2.0b1``" -msgstr "" +msgstr "测试版本: ``1.2.0b1``" #: ../source/discussions/versioning.rst:25 msgid "A release candidate: ``1.2.0rc1``" -msgstr "" +msgstr "发布版本: ``1.2.0rc1``" #: ../source/discussions/versioning.rst:26 msgid "A post-release: ``1.2.0.post1``" -msgstr "" +msgstr "后续发布: ``1.2.0.post1``" #: ../source/discussions/versioning.rst:27 msgid "" "A post-release of an alpha release (possible, but discouraged): ``1.2.0a1." "post1``" -msgstr "" +msgstr "alpha 版本的后续发布(可能,但不鼓励): ``1.2.0a1.post1``" #: ../source/discussions/versioning.rst:28 msgid "A simple version with only two components: ``23.12``" -msgstr "" +msgstr "仅包含两个组件的简单版本:``23.12``" #: ../source/discussions/versioning.rst:29 msgid "A simple version with just one component: ``42``" -msgstr "" +msgstr "只有一个组件的简单版本:``42``" #: ../source/discussions/versioning.rst:30 msgid "A version with an epoch: ``1!1.0``" -msgstr "" +msgstr "带有时期的版本:``1!1.0``" #: ../source/discussions/versioning.rst:32 msgid "" @@ -2176,13 +2350,19 @@ msgid "" "versions of dependencies to install, unless explicitly requested (e.g., with " "``pip install pkg==1.1a3`` or ``pip install --pre pkg``)." msgstr "" +"项目可以使用一系列的预发布版本,以便在最终发布之前支持用户进行测试。步骤顺序" +"为:alpha 版本、beta 版本、候选发布版本、最终发布版本。默认情况下,pip " +"和其他现代 Python " +"包安装器在决定安装哪些依赖版本时,会忽略预发布版本,除非明确请求(例如,使用 " +"``pip install pkg==1.1a3`` 或 ``pip install --pre pkg`` )。" #: ../source/discussions/versioning.rst:39 msgid "" "The purpose of development releases is to support releases made early during " "a development cycle, for example, a nightly build, or a build from the " "latest source in a Linux distribution." -msgstr "" +msgstr "开发版本的目的是支持在开发周期初期发布的版本,例如,每日构建版本或来自 Linux " +"发行版最新源代码的构建版本。" #: ../source/discussions/versioning.rst:43 msgid "" @@ -2192,6 +2372,9 @@ msgid "" "with a new final release (e.g., incrementing the third component when using " "semantic versioning)." msgstr "" +"后发布版本用于修复最终版本中的轻微错误,这些错误不会影响分发的软件,例如修正" +"发布说明中的错误。它们不应用于修复 bug;这些应该通过发布新的最终版本来处理(" +"例如,在使用语义版本控制时,增加第三个版本号)。" #: ../source/discussions/versioning.rst:49 msgid "" @@ -2203,10 +2386,15 @@ msgid "" "epoch, as in \"1!1.0\", in order to be treated as more recent than the old " "version numbers." msgstr "" +"最后,epoch(纪元)是一个很少使用的特性,用于在更改版本控制方案时修正排序顺序" +"。例如,如果一个项目使用日历版本控制,版本号如 23." +"12,然后切换到语义版本控制,版本号如 1.0,那么 1.0 和 23.12 " +"的比较顺序将会错误。为了修正这一点,新的版本号应该具有明确的 epoch,例如 \"1" +"!1.0\",这样可以确保它比旧的版本号更为新颖。" #: ../source/discussions/versioning.rst:59 msgid "Semantic versioning vs. calendar versioning" -msgstr "" +msgstr "语义版本控制与日历版本控制" #: ../source/discussions/versioning.rst:61 msgid "" @@ -2215,6 +2403,8 @@ msgid "" "new release of a package. Two versioning schemes are commonly used for " "Python packages, semantic versioning and calendar versioning." msgstr "" +"版本控制方案是对版本号各个部分的正式解释方式,并决定在新版本发布时应该使用哪" +"个版本号。Python 包常用的两种版本控制方案是语义版本控制和日历版本控制。" #: ../source/discussions/versioning.rst:68 msgid "" @@ -2223,6 +2413,8 @@ msgid "" "That view may differ from the end-users' perception of what said formalized " "versioning scheme promises them." msgstr "" +"选择使用哪个版本号是由项目的维护者决定的。这实际上意味着版本号的提升反映了维" +"护者的观点。这个观点可能与最终用户对该正式版本控制方案承诺的理解有所不同。" #: ../source/discussions/versioning.rst:74 msgid "" @@ -2232,30 +2424,35 @@ msgid "" "when security vulnerability needs to be addressed. Security releases often " "come in patch versions but contain breaking changes inevitably." msgstr "" +"选择下一个版本号时有已知的例外情况。维护者可能会有意识地选择打破“最后一个版本" +"段只包含向后兼容的更改”这一假设。其中一个例子是当需要解决安全漏洞时。安全更新" +"通常以补丁版本发布,但不可避免地包含破坏性更改。" #: ../source/discussions/versioning.rst:84 #: ../source/specifications/version-specifiers.rst:723 msgid "Semantic versioning" -msgstr "" +msgstr "语义版本控制" #: ../source/discussions/versioning.rst:86 msgid "" "The idea of *semantic versioning* (or SemVer) is to use 3-part version " "numbers, *major.minor.patch*, where the project author increments:" msgstr "" +"*语义版本控制* (或称 SemVer)的理念是使用三部分版本号, *major.minor.patch* " +",其中项目作者根据以下规则进行版本号递增:" #: ../source/discussions/versioning.rst:89 msgid "*major* when they make incompatible API changes," -msgstr "" +msgstr "*重大(major)* 当他们进行不兼容的 API 更改时," #: ../source/discussions/versioning.rst:90 msgid "" "*minor* when they add functionality in a backwards-compatible manner, and" -msgstr "" +msgstr "*轻微(minor)* 当他们以向后兼容的方式添加功能时,以及" #: ../source/discussions/versioning.rst:91 msgid "*patch*, when they make backwards-compatible bug fixes." -msgstr "" +msgstr "*补丁(patch)*,当他们进行向后兼容的错误修复时。" #: ../source/discussions/versioning.rst:93 msgid "" @@ -2268,6 +2465,11 @@ msgid "" "strictness]_. Conversely, a bump of the major version number is sometimes " "used to signal significant but backwards-compatible new features." msgstr "" +"大多数 Python 项目使用类似于语义版本控制的版本方案。然而,大多数项目,尤其是" +"较大的项目,并不严格遵循语义版本控制,因为许多变化在技术上是破坏兼容性的,但" +"仅影响一小部分用户。这类项目通常在不兼容性较大时递增主版本号,或用来表示项目" +"的重大变化,而不是为了任何微小的不兼容性 [#semver-strictness] " +"。相反,主版本号的递增有时也用来表示重要但向后兼容的新特性。" #: ../source/discussions/versioning.rst:103 msgid "" @@ -2280,12 +2482,19 @@ msgid "" "equivalent to ``name >= X.Y.Z, == X.Y.*``, i.e., it requires at least X.Y.Z " "and allows a later release with same X and Y but higher Z." msgstr "" +"对于那些确实使用严格语义版本控制的项目,这种方法允许用户使用 :ref:`" +"兼容发布版本说明符 ` ,并使用 ``~=`` " +"运算符。例如, ``name ~= X.Y`` 大致等价于 ``name >= X.Y, == X.*`` ," +"即它要求至少是 X.Y 版本,并允许任何 X 不变且 Y 较大的后续版本。同样, ``name " +"~= X.Y.Z`` 大致等价于 ``name >= X.Y.Z, == X.Y.*`` ,即要求至少是 X.Y.Z 版本," +"并允许任何 X 和 Y 相同但 Z 较大的后续版本。" #: ../source/discussions/versioning.rst:112 msgid "" "Python projects adopting semantic versioning should abide by clauses 1-8 of " "the `Semantic Versioning 2.0.0 specification `_." -msgstr "" +msgstr "采用语义版本控制的 Python 项目应遵守 `语义版本控制 2.0.0 规范 ` " +"的第 1-8 条。" #: ../source/discussions/versioning.rst:115 msgid "" @@ -2297,6 +2506,11 @@ msgid "" "contain backwards-incompatible API changes (:doc:`NumPy versioning policy " "`)." msgstr "" +"流行的 :doc:`Sphinx ` " +"文档生成器是一个使用严格语义版本控制的示例项目( :doc:`Sphinx 版本控制政策 " +"` )。著名的 :doc:`NumPy ` " +"科学计算包明确使用“宽松”语义版本控制,其中递增次要版本可能包含向后不兼容的 " +"API 更改( :doc:`NumPy 版本控制政策 ` )。" #: ../source/discussions/versioning.rst:124 msgid "Calendar versioning" @@ -2307,7 +2521,8 @@ msgid "" "Semantic versioning is not a suitable choice for all projects, such as those " "with a regular time based release cadence and a deprecation process that " "provides warnings for a number of releases prior to removal of a feature." -msgstr "" +msgstr "语义版本控制并不适用于所有项目,例如具有基于定期时间的发布节奏和弃用流程的项" +"目,这些弃用流程会在删除某个功能之前为多个版本提供警告。" #: ../source/discussions/versioning.rst:130 msgid "" @@ -2315,23 +2530,24 @@ msgid "" "`_ (CalVer), is that it is straightforward to tell how old the base " "feature set of a particular release is given just the version number." msgstr "" +"基于日期的版本控制,或称为 `日历版本控制 `_(CalVer)的一个主要优势" +"是,通过版本号就可以直接判断特定发布的基础功能集已经有多旧。" #: ../source/discussions/versioning.rst:134 msgid "" "Calendar version numbers typically take the form *year.month* (for example, " "23.12 for December 2023)." -msgstr "" +msgstr "日历版本号通常采用 *year.month* 的形式(例如,2023 年 12 月为 23.12)。" #: ../source/discussions/versioning.rst:137 msgid "" ":doc:`Pip `, the standard Python package installer, uses calendar " "versioning." -msgstr "" +msgstr ":doc:`Pip ` ,标准 Python 包安装程序,使用日历版本控制。" #: ../source/discussions/versioning.rst:142 -#, fuzzy msgid "Other schemes" -msgstr "版本" +msgstr "其他模式" #: ../source/discussions/versioning.rst:144 msgid "" @@ -2341,6 +2557,9 @@ msgid "" "as an end user, as serial version numbers convey little or no information " "regarding API backwards compatibility." msgstr "" +"序列版本控制指的是一种最简单的版本控制方案,它由一个每次发布时递增的单一数字" +"组成。虽然序列版本控制对于开发者来说非常容易管理,但对于最终用户来说却是最难" +"追踪的,因为序列版本号几乎不提供关于 API 向后兼容性的任何信息。" #: ../source/discussions/versioning.rst:150 msgid "" @@ -2350,6 +2569,9 @@ msgid "" "release, but doesn't otherwise commit to a particular release cadence within " "the year." msgstr "" +"上述版本控制方案可以组合使用。例如,一个项目可以将基于日期的版本控制与序列版" +"本控制结合,创建一个 *年.序列(year.serial)* 的编号方案,这样既能直观地传达一" +"个版本的发布大致年份,同时又不承诺在该年内的具体发布频率。" #: ../source/discussions/versioning.rst:157 #: ../source/specifications/version-specifiers.rst:114 @@ -2364,6 +2586,10 @@ msgid "" "which can be used to identify local development builds not intended for " "publication, or modified variants of a release maintained by a redistributor." msgstr "" +"公共版本标识符旨在支持通过 :term:`PyPI ` " +"进行分发。Python 打包工具还支持 :ref:`本地版本标识符 ` 的概念,可以用来标识不打算公开发布的本地开发构建,或由重新分发" +"者维护的已修改版本。" #: ../source/discussions/versioning.rst:165 msgid "" @@ -2376,6 +2602,12 @@ msgid "" "dev1+gd00980f\", or if the repository has untracked changes, like \"0.5." "dev1+gd00980f.d20231217\"." msgstr "" +"本地版本标识符的形式是一个公共版本标识符,后跟 \"+\" 和本地版本标签。例如," +"应用了 Fedora 特定补丁的包可能会有版本 \"1.2.1+fedora.4\"。另一个例子是由 " +"setuptools-scm_ (一个读取 Git 数据的 setuptools 插件) 计算的版本。" +"在有一些提交的 Git 仓库中,setuptools-scm 会生成类似 \"0.5.dev1+gd00980f\" " +"的版本,或者如果仓库有未跟踪的更改,则生成类似 \"0.5.dev1+gd00980f." +"d20231217\" 的版本。" #: ../source/discussions/versioning.rst:177 msgid "Accessing version information at runtime" @@ -4001,12 +4233,16 @@ msgid "" "plugin. Another package supporting this kind of plugin can use the metadata " "to discover that plugin." msgstr "" +"包可以拥有在 :ref:`entry-points` 中描述的插件元数据。通过指定这些元数据,包声" +"明它包含某种特定类型的插件。另一个支持这种插件的包可以使用这些元数据来发现该" +"插件。" #: ../source/guides/creating-and-discovering-plugins.rst:128 msgid "" "For example if you have a package named ``myapp-plugin-a`` and it includes " "the following in its ``pyproject.toml``:" -msgstr "" +msgstr "例如,如果您有一个名为 ``myapp-plugin-a`` 的包,并且它的 ``pyproject.toml`` " +"中包含以下内容:" #: ../source/guides/creating-and-discovering-plugins.rst:136 msgid "" @@ -4020,12 +4256,14 @@ msgid "" "In this example, ``discovered_plugins`` would be a collection of type :class:" "`importlib.metadata.EntryPoint`:" msgstr "" +"在这个例子中, ``discovered_plugins`` 将是一个类型为 :class:`importlib." +"metadata.EntryPoint` 的集合:" #: ../source/guides/creating-and-discovering-plugins.rst:160 msgid "" "Now the module of your choice can be imported by executing " "``discovered_plugins['a'].load()``." -msgstr "" +msgstr "现在可以通过执行 ``discovered_plugins['a'].load()`` 来导入您选择的模块。" #: ../source/guides/creating-and-discovering-plugins.rst:163 msgid "" @@ -4033,6 +4271,9 @@ msgid "" "has a lot of options. It's recommended to read over the entire section on :" "doc:`entry points ` ." msgstr "" +"在 :file:`setup.py` 中的 ``entry_point`` 规范相当灵活,具有很多选项。" +"建议仔细阅读整个关于 :doc:`entry points ` " +"的章节。" #: ../source/guides/creating-and-discovering-plugins.rst:167 msgid "" @@ -4040,11 +4281,12 @@ msgid "" "library/importlib.metadata>`, most packaging tools other than setuptools " "provide support for defining entry points." msgstr "" +"由于此规范是 :doc:`标准库的一部分 `," +"因此除了 setuptools 之外,大多数打包工具都提供了定义 entry points 的支持。" #: ../source/guides/creating-command-line-tools.rst:5 -#, fuzzy msgid "Creating and packaging command-line tools" -msgstr "安装独立命令行工具" +msgstr "创建以及打包命令行工具" #: ../source/guides/creating-command-line-tools.rst:7 msgid "" @@ -4054,11 +4296,14 @@ msgid "" "exposing the executable scripts of packages (and available manual pages) for " "use on the command-line." msgstr "" +"本指南将引导您创建和打包一个独立的命令行应用程序,该应用程序可以通过 " +":ref:`pipx` 安装,pipx 是一个创建和管理 :term:`Python 虚拟环境 ` " +"的工具,并暴露包的可执行脚本(以及可用的手册页)以供命令行使用。" #: ../source/guides/creating-command-line-tools.rst:12 -#, fuzzy msgid "Creating the package" -msgstr "升级软件包" +msgstr "创建包" #: ../source/guides/creating-command-line-tools.rst:14 msgid "" @@ -4066,17 +4311,19 @@ msgid "" "the sake of an example, we'll build a simple tool outputting a greeting (a " "string) for a person based on arguments given on the command-line." msgstr "" +"首先,创建一个源代码树用于该 :term:`项目 ` 。为了举例说明,我们将构" +"建一个简单的工具,根据命令行提供的参数输出对某个人的问候(一个字符串)。" #: ../source/guides/creating-command-line-tools.rst:17 #: ../source/guides/tool-recommendations.rst:45 msgid "Todo" -msgstr "" +msgstr "待办" #: ../source/guides/creating-command-line-tools.rst:17 msgid "" "Advise on the optimal structure of a Python package in another guide or " "discussion and link to it here." -msgstr "" +msgstr "在另一个指南或讨论中对 Python 包的最佳结构提出建议,并在此处链接。" #: ../source/guides/creating-command-line-tools.rst:19 msgid "" From 510a9f7123319d92eaf7fc6ab2d147fc9decff6a Mon Sep 17 00:00:00 2001 From: Hosted Weblate Date: Mon, 25 Nov 2024 22:53:53 +0100 Subject: [PATCH 3/4] Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Hosted Weblate Translate-URL: https://hosted.weblate.org/projects/pypa/packaging-python-org/ Translation: pypa/packaging.python.org --- locales/ar/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/ars/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/de/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/eo/LC_MESSAGES/messages.po | 1149 ++++++++++------ locales/es/LC_MESSAGES/messages.po | 951 ++++++++++++-- locales/fa/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/fil/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/fr/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/frc/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/gl/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/gmh/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/hi/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/id/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/ko/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/lzh/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/mk/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/pl/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/pt_BR/LC_MESSAGES/messages.po | 1273 ++++++++++++------ locales/ro/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/ru/LC_MESSAGES/messages.po | 1279 ++++++++++++------ locales/sai/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/si/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/sk/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/ta/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/tr/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/uk/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/vi/LC_MESSAGES/messages.po | 1147 ++++++++++------ locales/zh_Hans/LC_MESSAGES/messages.po | 1591 ++++++++++++++--------- locales/zh_Hant/LC_MESSAGES/messages.po | 1147 ++++++++++------ 29 files changed, 22556 insertions(+), 11215 deletions(-) diff --git a/locales/ar/LC_MESSAGES/messages.po b/locales/ar/LC_MESSAGES/messages.po index ff65aaf99..85a1af5d2 100644 --- a/locales/ar/LC_MESSAGES/messages.po +++ b/locales/ar/LC_MESSAGES/messages.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-10-30 00:39+0000\n" +"POT-Creation-Date: 2024-11-25 21:53+0000\n" "PO-Revision-Date: 2024-01-18 07:31+0000\n" "Last-Translator: Youcef Guenaoua \n" "Language-Team: Arabic `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5099,9 +5099,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5214,7 +5214,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5246,28 +5246,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8335,29 +8348,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8368,31 +8403,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9567,44 +9602,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9614,17 +9663,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9632,17 +9681,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9654,38 +9703,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9696,34 +9745,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9731,58 +9780,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9794,18 +9843,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9816,32 +9865,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9849,17 +9898,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9869,49 +9918,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9919,33 +9968,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9956,17 +10005,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9976,33 +10025,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10013,18 +10062,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10052,17 +10101,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10070,7 +10119,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10089,24 +10138,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10114,21 +10163,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10136,34 +10185,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12211,7 +12260,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13281,6 +13330,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13418,7 +13468,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15041,6 +15091,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15211,7 +15557,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17099,11 +17445,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17113,11 +17474,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17127,7 +17488,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17135,7 +17496,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17143,11 +17504,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17157,7 +17518,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17167,14 +17528,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17184,7 +17545,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17192,7 +17553,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17201,38 +17562,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17243,29 +17604,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17274,7 +17635,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17284,48 +17645,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17334,7 +17695,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17346,7 +17707,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17356,18 +17717,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17375,11 +17736,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17387,7 +17748,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17397,7 +17758,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17407,7 +17768,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17415,28 +17776,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17445,37 +17806,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17483,19 +17844,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17548,7 +17909,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17647,27 +18008,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17676,7 +18037,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17687,7 +18048,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17750,11 +18119,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17763,65 +18132,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17829,7 +18198,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17840,7 +18209,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17849,33 +18218,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17885,7 +18254,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17895,7 +18264,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17903,7 +18272,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17914,22 +18283,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17938,25 +18307,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17964,13 +18333,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17980,18 +18349,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17999,7 +18368,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18009,7 +18378,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18017,11 +18386,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18032,7 +18401,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18040,7 +18409,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18049,7 +18418,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18057,7 +18426,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18067,20 +18436,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18088,7 +18457,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18097,18 +18466,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18116,13 +18485,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18131,23 +18500,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18156,63 +18525,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18222,7 +18591,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18230,7 +18599,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18239,21 +18608,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18265,11 +18634,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18277,11 +18646,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18289,7 +18658,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18298,14 +18667,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21763,23 +22138,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21787,28 +22162,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21816,44 +22191,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: German `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5172,9 +5172,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5287,7 +5287,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5319,28 +5319,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8414,29 +8427,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8447,31 +8482,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9646,44 +9681,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9693,17 +9742,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9711,17 +9760,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9733,38 +9782,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9775,34 +9824,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9810,58 +9859,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9873,18 +9922,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9895,32 +9944,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9928,17 +9977,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9948,49 +9997,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9998,33 +10047,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10035,17 +10084,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10055,33 +10104,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10092,18 +10141,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10131,17 +10180,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10149,7 +10198,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10168,24 +10217,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10193,21 +10242,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10215,34 +10264,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12290,7 +12339,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13360,6 +13409,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13497,7 +13547,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15124,6 +15174,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15296,7 +15642,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17187,11 +17533,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17201,11 +17562,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17215,7 +17576,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17223,7 +17584,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17231,12 +17592,12 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy msgid "Installers" msgstr "Betreuer" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17246,7 +17607,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17256,14 +17617,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17273,7 +17634,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17281,7 +17642,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17290,38 +17651,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17332,29 +17693,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17363,7 +17724,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17373,48 +17734,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17423,7 +17784,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17435,7 +17796,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17445,18 +17806,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17464,11 +17825,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17476,7 +17837,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17486,7 +17847,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17496,7 +17857,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17504,28 +17865,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17534,37 +17895,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17572,19 +17933,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17637,7 +17998,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17736,27 +18097,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17765,7 +18126,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17776,7 +18137,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17839,11 +18208,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17852,65 +18221,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17918,7 +18287,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17929,7 +18298,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17938,33 +18307,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17974,7 +18343,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17984,7 +18353,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17992,7 +18361,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18003,22 +18372,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18027,25 +18396,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18053,13 +18422,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18069,18 +18438,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18088,7 +18457,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18098,7 +18467,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18106,11 +18475,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18121,7 +18490,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18129,7 +18498,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18138,7 +18507,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18146,7 +18515,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18156,20 +18525,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18177,7 +18546,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18186,18 +18555,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18205,13 +18574,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18220,23 +18589,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18245,63 +18614,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18311,7 +18680,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18319,7 +18688,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18328,21 +18697,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18354,11 +18723,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18366,11 +18735,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18378,7 +18747,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18387,14 +18756,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21852,23 +22227,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21876,28 +22251,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21905,44 +22280,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Esperanto `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5238,9 +5238,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5353,7 +5353,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5385,28 +5385,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8535,29 +8548,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8568,40 +8603,40 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`Flit`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 #, fuzzy msgid ":ref:`Hatch`," msgstr "pip, `bandersnatch`_" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`PDM`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`Pipenv`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`Poetry`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9850,38 +9885,52 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:420 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:426 +msgid "" +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." +msgstr "" + +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 #, fuzzy msgid "" "`Docs `__ | :gh:`Issues ` " @@ -9891,7 +9940,7 @@ msgstr "" "pipenv>`__ | `Cimoj `__ | `PyPI " "`__" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9901,11 +9950,11 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 #, fuzzy msgid "" "`GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9923,17 +9972,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9945,11 +9994,11 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9991,11 +10040,11 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 #, fuzzy msgid "" "`Docs `__ | `GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 #, fuzzy msgid "meson-python" msgstr "python" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 #, fuzzy msgid "" "`Docs `__ | `GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -10035,42 +10084,42 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 #, fuzzy #| msgid "`Source `__" msgid "`GitHub `__" msgstr "`Fonto `__" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 #, fuzzy msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -10104,11 +10153,11 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 #, fuzzy msgid "" "`Docs `__ | `GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -10130,11 +10179,11 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -10143,23 +10192,23 @@ msgstr "" "github.com/pypa/bandersnatch>`__ | `PyPI `__" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -10167,17 +10216,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -10187,11 +10236,11 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -10200,19 +10249,19 @@ msgstr "" "github.com/pypa/bandersnatch>`__ | `PyPI `__" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 #, fuzzy #| msgid "python" msgid "Pulp-python" msgstr "python" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10251,11 +10300,11 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 #, fuzzy msgid "" "`GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10296,11 +10345,11 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 #, fuzzy msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10320,11 +10369,11 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -10333,24 +10382,24 @@ msgstr "" "github.com/pypa/bandersnatch>`__ | `PyPI `__" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10361,11 +10410,11 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 #, fuzzy msgid "" "`Docs `__ | `GitHub " @@ -10376,7 +10425,7 @@ msgstr "" "`__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10404,11 +10453,11 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10426,7 +10475,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10445,24 +10494,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10470,21 +10519,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10492,11 +10541,11 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 #, fuzzy msgid "" ":doc:`Docs ` | :gh:`Issues `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 #, fuzzy msgid "" "`Docs `__ | `Issues `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12579,7 +12628,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13654,6 +13703,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "Specifado" @@ -13792,7 +13842,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "Versio" @@ -15441,6 +15491,304 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +#, fuzzy +#| msgid "A simple project" +msgid "Attestation objects" +msgstr "Simpla projekto" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 #, fuzzy #| msgid "Configuring metadata" @@ -15616,7 +15964,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 #, fuzzy #| msgid "Creating pyproject.toml" msgid "Recommendations" @@ -17522,11 +17870,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17536,11 +17899,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17550,7 +17913,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17558,7 +17921,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17566,13 +17929,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Installer" msgid "Installers" msgstr "Instalilo" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17582,7 +17945,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17592,14 +17955,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17609,7 +17972,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17617,7 +17980,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17626,38 +17989,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17668,29 +18031,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17699,7 +18062,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17709,50 +18072,50 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy #| msgid "Contents" msgid "Clients" msgstr "Enhavoj" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17761,7 +18124,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17773,7 +18136,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17783,18 +18146,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17802,11 +18165,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17814,7 +18177,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17824,7 +18187,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17834,7 +18197,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17842,28 +18205,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17872,38 +18235,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "Versio de pako" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17911,19 +18274,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy #| msgid "Project" msgid "Project List" msgstr "Projekto" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 #, fuzzy msgid "As an example:" msgstr "Ekzemploj" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17979,7 +18342,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -18082,27 +18445,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -18111,7 +18474,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -18122,7 +18485,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -18187,13 +18558,13 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy #| msgid "Version" msgid "Version + Format Selection" msgstr "Versio" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -18202,65 +18573,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -18268,7 +18639,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -18279,7 +18650,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -18288,33 +18659,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -18324,7 +18695,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18334,7 +18705,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18342,7 +18713,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18353,22 +18724,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18377,25 +18748,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18403,13 +18774,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18419,18 +18790,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18438,7 +18809,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18448,7 +18819,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18456,11 +18827,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18471,7 +18842,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18479,7 +18850,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18488,7 +18859,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18496,7 +18867,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18506,20 +18877,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18527,7 +18898,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18536,18 +18907,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18555,13 +18926,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18570,23 +18941,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18595,63 +18966,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18661,7 +19032,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18669,7 +19040,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18678,21 +19049,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18704,11 +19075,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18716,11 +19087,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18728,7 +19099,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18737,14 +19108,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "Certigu, ke vi indikas vian salutnomon en la nomo de la pako!" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -22229,23 +22606,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "kaj enportu la pakon:" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "**Gratulon, vi pakis kaj distribuis Python-projekton!** ✨ 🍰 ✨" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -22253,28 +22630,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -22282,7 +22659,7 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." @@ -22290,38 +22667,38 @@ msgstr "" "Instalu vian pakon el la vera PyPI per ``python3 -m pip install [your-" "package]``." -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Spanish `, it is insecure." msgstr "" #: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" #: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8636,35 +8639,42 @@ msgid "" msgstr "" #: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 #, fuzzy msgid ":ref:`Flit`," msgstr ":ref:`pip`" #: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 #, fuzzy msgid ":ref:`Hatch`," msgstr ":ref:`pip`" #: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" #: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 #, fuzzy msgid ":ref:`PDM`," msgstr ":ref:`pip`" #: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 #, fuzzy msgid ":ref:`Pipenv`," msgstr ":ref:`pip`" #: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 #, fuzzy msgid ":ref:`Poetry`," msgstr ":ref:`pip`" #: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9871,17 +9881,17 @@ msgid "" "modifying their metadata." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:431 ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:433 ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:437 ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9891,17 +9901,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:448 ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:450 ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:453 ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9909,17 +9919,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:460 ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:462 ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:466 ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9931,38 +9941,39 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:481 ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:483 ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" #: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:740 ../source/key_projects.rst:491 +#: ../source/key_projects.rst:685 ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:489 ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:495 ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:497 ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:500 ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9973,34 +9984,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:512 ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:514 ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:517 ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:525 ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:527 ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:530 ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -10008,59 +10019,59 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:540 ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:542 ../source/key_projects.rst:546 #, fuzzy msgid "`GitHub `__" msgstr "`pip-tools `_" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:544 ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:550 ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:552 ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:554 ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:560 ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:562 ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:566 ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:574 ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:578 ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -10081,18 +10092,18 @@ msgstr "" "pueden tener opcionalmente herramientas incrustadas que permiten convertir " "el archivo PEX en un venv estándar, dibujar dependencias y más." -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:590 ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:592 ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:596 ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -10103,32 +10114,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:608 ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:610 ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:613 ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:619 ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:621 ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:625 ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -10136,17 +10147,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:634 ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:636 ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:640 ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -10156,49 +10167,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:650 ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:652 ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:655 ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:661 ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:663 ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:667 ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:675 ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:677 ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:683 ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10206,33 +10217,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:691 ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:693 ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:696 ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:702 ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:704 ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:707 ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10243,17 +10254,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:718 ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:720 ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:724 ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10263,33 +10274,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:735 ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:737 ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:742 ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:748 ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:750 ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:754 ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10300,18 +10311,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:765 ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:767 ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:771 ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:787 ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10339,17 +10350,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:795 ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:797 ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:800 ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10357,7 +10368,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:810 ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:815 ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10376,24 +10387,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:823 ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:829 ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:831 ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:835 ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10401,21 +10412,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:842 ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:847 ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:849 ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:852 ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10423,34 +10434,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:860 ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:862 ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:865 ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:872 ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:874 ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:877 ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12503,6 +12514,7 @@ msgstr "" #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 +#: ../source/specifications/simple-repository-api.rst:988 msgid "History" msgstr "" @@ -13571,6 +13583,7 @@ msgstr "" #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 #: ../source/specifications/inline-script-metadata.rst:13 +#: ../source/specifications/index-hosted-attestations.rst:17 msgid "Specification" msgstr "Especificación" @@ -13709,6 +13722,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 #: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "Versión" @@ -15514,6 +15528,7 @@ msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 #: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 #, fuzzy msgid "Recommendations" msgstr "Recomendaciones de herramientas" @@ -17427,11 +17442,13 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "Traducciones" #: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17442,10 +17459,12 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" #: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17456,6 +17475,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17464,6 +17484,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17472,11 +17493,13 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy msgid "Installers" msgstr "Instalador" #: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17487,6 +17510,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17497,6 +17521,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " @@ -17504,6 +17529,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17514,6 +17540,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17522,6 +17549,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17531,14 +17559,17 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" #: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" #: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " @@ -17546,22 +17577,26 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" #: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" #: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" #: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17573,14 +17608,17 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" #: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" #: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " @@ -17588,6 +17626,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " @@ -17595,6 +17634,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17604,6 +17644,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17614,6 +17655,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " @@ -17622,11 +17664,14 @@ msgstr "" #: ../source/specifications/simple-repository-api.rst:237 #: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy msgid "Clients" msgstr "Contenido" #: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " @@ -17634,28 +17679,33 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" #: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" #: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" #: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" #: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17665,6 +17715,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17677,6 +17728,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17687,11 +17739,13 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 #, fuzzy msgid "Backwards Compatibility" msgstr "Etiquetas de compatibilidad con plataformas" #: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " @@ -17699,6 +17753,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17707,10 +17762,12 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" #: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17719,6 +17776,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17729,6 +17787,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17739,6 +17798,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17747,6 +17807,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " @@ -17754,6 +17815,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " @@ -17761,6 +17823,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " @@ -17768,6 +17831,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17777,6 +17841,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " @@ -17784,11 +17849,13 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "Traducciones" #: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " @@ -17796,18 +17863,21 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" #: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" #: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17816,18 +17886,21 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" #: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" #: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification ` that are not HTML specific still apply." msgstr "" #: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy msgid "Project List" msgstr "Proyecto" #: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" #: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." @@ -17861,6 +17938,8 @@ msgstr "" #: ../source/specifications/simple-repository-api.rst:391 #: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." @@ -17868,11 +17947,14 @@ msgstr "" #: ../source/specifications/simple-repository-api.rst:393 #: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 #, fuzzy msgid "As an example:" msgstr "Por ejemplo:" #: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17883,6 +17965,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " @@ -17973,6 +18069,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17983,6 +18080,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " @@ -17990,6 +18088,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " @@ -17997,12 +18096,14 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" #: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -18012,6 +18113,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -18023,6 +18125,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -18087,11 +18199,13 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "Versión" #: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -18101,6 +18215,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `, " @@ -18578,20 +18760,24 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" #: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" #: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" #: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18604,10 +18790,12 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" #: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18616,10 +18804,12 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" #: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18628,6 +18818,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18637,6 +18828,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " @@ -18644,6 +18836,7 @@ msgid "" msgstr "" #: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -22125,23 +22331,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -22149,28 +22355,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -22178,44 +22384,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " +"most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " +"libraries, and can take advantage of different levels of vectorized " +"instructions available in modern CPUs." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:19 +msgid "" +"Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " +"32-bit and 64-bit binaries in the ``wheel`` format are available for all " +"major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:121 +msgid "" +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " +"distribution published by Anaconda, Inc. It is a stable collection of Open " +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:135 +msgid "" +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." +msgstr "" + +#: ../source/key_projects.rst:407 +msgid "" +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." +msgstr "" + +#: ../source/key_projects.rst:416 +msgid "" +"Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" +msgstr "" + +#: ../source/key_projects.rst:426 +msgid "" +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +#, fuzzy +msgid "Attestation objects" +msgstr "Un proyecto sencillo" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:1003 +msgid "" +"November 2024: provenance metadata in the HTML and JSON formats, in :pep:" +"`740`" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:142 +msgid "" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." +msgstr "" + +#: ../source/guides/tool-recommendations.rst:147 +msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + #~ msgid "``install``" #~ msgstr "``install``" diff --git a/locales/fa/LC_MESSAGES/messages.po b/locales/fa/LC_MESSAGES/messages.po index d62cf6ae5..2b98bf522 100644 --- a/locales/fa/LC_MESSAGES/messages.po +++ b/locales/fa/LC_MESSAGES/messages.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-10-30 00:39+0000\n" +"POT-Creation-Date: 2024-11-25 21:53+0000\n" "PO-Revision-Date: 2023-02-15 07:52+0000\n" "Last-Translator: Arsalan Dehghani \n" "Language-Team: Persian `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5112,9 +5112,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5227,7 +5227,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5259,28 +5259,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8356,29 +8369,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8389,31 +8424,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9588,44 +9623,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9635,17 +9684,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9653,17 +9702,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9675,38 +9724,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9717,34 +9766,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9752,58 +9801,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9815,18 +9864,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9837,32 +9886,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9870,17 +9919,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9890,49 +9939,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9940,33 +9989,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9977,17 +10026,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9997,33 +10046,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10034,18 +10083,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10073,17 +10122,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10091,7 +10140,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10110,24 +10159,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10135,21 +10184,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10157,34 +10206,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12232,7 +12281,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13302,6 +13351,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13439,7 +13489,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "ترجمه‌ها" @@ -15063,6 +15113,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15233,7 +15579,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17123,12 +17469,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "ترجمه‌ها" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17138,11 +17499,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17152,7 +17513,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17160,7 +17521,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17168,13 +17529,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Translations" msgid "Installers" msgstr "ترجمه‌ها" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17184,7 +17545,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17194,14 +17555,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17211,7 +17572,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17219,7 +17580,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17228,38 +17589,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17270,29 +17631,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17301,7 +17662,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17311,48 +17672,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17361,7 +17722,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17373,7 +17734,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17383,18 +17744,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17402,11 +17763,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17414,7 +17775,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17424,7 +17785,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17434,7 +17795,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17442,28 +17803,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17472,38 +17833,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "ترجمه‌ها" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17511,19 +17872,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17576,7 +17937,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17675,27 +18036,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17704,7 +18065,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17715,7 +18076,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17778,12 +18147,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "ترجمه‌ها" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17792,65 +18161,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17858,7 +18227,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17869,7 +18238,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17878,33 +18247,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17914,7 +18283,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17924,7 +18293,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17932,7 +18301,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17943,22 +18312,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17967,25 +18336,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17993,13 +18362,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18009,18 +18378,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18028,7 +18397,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18038,7 +18407,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18046,11 +18415,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18061,7 +18430,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18069,7 +18438,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18078,7 +18447,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18086,7 +18455,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18096,20 +18465,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18117,7 +18486,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18126,18 +18495,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18145,13 +18514,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18160,23 +18529,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18185,63 +18554,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18251,7 +18620,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18259,7 +18628,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18268,21 +18637,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18294,11 +18663,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18306,11 +18675,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18318,7 +18687,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18327,14 +18696,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21801,23 +22176,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21825,28 +22200,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21854,44 +22229,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Filipino `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5100,9 +5100,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5215,7 +5215,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5247,28 +5247,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8336,29 +8349,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8369,31 +8404,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9568,44 +9603,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9615,17 +9664,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9633,17 +9682,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9655,38 +9704,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9697,34 +9746,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9732,58 +9781,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9795,18 +9844,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9817,32 +9866,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9850,17 +9899,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9870,49 +9919,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9920,33 +9969,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9957,17 +10006,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9977,33 +10026,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10014,18 +10063,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10053,17 +10102,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10071,7 +10120,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10090,24 +10139,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10115,21 +10164,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10137,34 +10186,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12212,7 +12261,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13282,6 +13331,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13419,7 +13469,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15042,6 +15092,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15212,7 +15558,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17100,11 +17446,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17114,11 +17475,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17128,7 +17489,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17136,7 +17497,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17144,11 +17505,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17158,7 +17519,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17168,14 +17529,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17185,7 +17546,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17193,7 +17554,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17202,38 +17563,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17244,29 +17605,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17275,7 +17636,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17285,48 +17646,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17335,7 +17696,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17347,7 +17708,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17357,18 +17718,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17376,11 +17737,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17388,7 +17749,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17398,7 +17759,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17408,7 +17769,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17416,28 +17777,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17446,37 +17807,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17484,19 +17845,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17549,7 +17910,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17648,27 +18009,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17677,7 +18038,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17688,7 +18049,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17751,11 +18120,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17764,65 +18133,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17830,7 +18199,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17841,7 +18210,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17850,33 +18219,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17886,7 +18255,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17896,7 +18265,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17904,7 +18273,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17915,22 +18284,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17939,25 +18308,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17965,13 +18334,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17981,18 +18350,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18000,7 +18369,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18010,7 +18379,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18018,11 +18387,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18033,7 +18402,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18041,7 +18410,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18050,7 +18419,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18058,7 +18427,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18068,20 +18437,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18089,7 +18458,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18098,18 +18467,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18117,13 +18486,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18132,23 +18501,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18157,63 +18526,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18223,7 +18592,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18231,7 +18600,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18240,21 +18609,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18266,11 +18635,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18278,11 +18647,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18290,7 +18659,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18299,14 +18668,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21764,23 +22139,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21788,28 +22163,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21817,44 +22192,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: French `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5281,9 +5281,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5396,7 +5396,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5428,28 +5428,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8541,29 +8554,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8574,31 +8609,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9784,44 +9819,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9831,17 +9880,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9849,17 +9898,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9871,38 +9920,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9913,35 +9962,35 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 #, fuzzy msgid "meson-python" msgstr "python" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9949,58 +9998,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -10012,18 +10061,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -10034,32 +10083,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -10067,17 +10116,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -10087,50 +10136,50 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 #, fuzzy msgid "Pulp-python" msgstr "python" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10138,33 +10187,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10175,17 +10224,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10195,33 +10244,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10232,18 +10281,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10271,17 +10320,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10289,7 +10338,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10308,24 +10357,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10333,21 +10382,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10355,34 +10404,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12430,7 +12479,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13500,6 +13549,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "Spécification" @@ -13637,7 +13687,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "Traductions" @@ -15271,6 +15321,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15443,7 +15789,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17341,12 +17687,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "Traductions" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17356,11 +17717,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17370,7 +17731,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17378,7 +17739,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17386,12 +17747,12 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy msgid "Installers" msgstr "Installateur" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17401,7 +17762,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17411,14 +17772,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17428,7 +17789,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17436,7 +17797,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17445,38 +17806,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17487,29 +17848,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17518,7 +17879,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17528,49 +17889,49 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy msgid "Clients" msgstr "Contenu" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17579,7 +17940,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17591,7 +17952,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17601,18 +17962,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17620,11 +17981,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17632,7 +17993,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17642,7 +18003,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17652,7 +18013,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17660,28 +18021,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17690,38 +18051,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "Traductions" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17729,19 +18090,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy msgid "Project List" msgstr "Projet" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 #, fuzzy msgid "As an example:" msgstr "Exemples" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17796,7 +18157,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17896,27 +18257,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17925,7 +18286,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17936,7 +18297,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -18000,12 +18369,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "Traductions" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -18014,65 +18383,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -18080,7 +18449,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -18091,7 +18460,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -18100,33 +18469,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -18136,7 +18505,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18146,7 +18515,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18154,7 +18523,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18165,22 +18534,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18189,25 +18558,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18215,13 +18584,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18231,18 +18600,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18250,7 +18619,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18260,7 +18629,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18268,11 +18637,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18283,7 +18652,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18291,7 +18660,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18300,7 +18669,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18308,7 +18677,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18318,20 +18687,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18339,7 +18708,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18348,18 +18717,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18367,13 +18736,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18382,23 +18751,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18407,63 +18776,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18473,7 +18842,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18481,7 +18850,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18490,22 +18859,22 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 #, fuzzy msgid "Additional file information" msgstr "Outils supplémentaires" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18517,11 +18886,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18529,11 +18898,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18541,7 +18910,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18550,14 +18919,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -22032,23 +22407,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -22056,28 +22431,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -22085,44 +22460,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Hindi `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5128,9 +5128,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5243,7 +5243,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5275,28 +5275,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8384,29 +8397,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8417,31 +8452,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9616,44 +9651,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9663,17 +9712,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9681,17 +9730,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9703,38 +9752,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9745,34 +9794,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9780,58 +9829,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9843,18 +9892,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9865,32 +9914,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9898,17 +9947,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9918,49 +9967,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9968,33 +10017,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10005,17 +10054,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10025,33 +10074,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10062,18 +10111,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10101,17 +10150,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10119,7 +10168,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10138,24 +10187,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10163,21 +10212,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10185,34 +10234,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12260,7 +12309,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13330,6 +13379,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13467,7 +13517,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15095,6 +15145,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15265,7 +15611,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17153,11 +17499,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17167,11 +17528,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17181,7 +17542,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17189,7 +17550,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17197,13 +17558,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Installing packages" msgid "Installers" msgstr "पैकेज प्रतिष्ठापन" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17213,7 +17574,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17223,14 +17584,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17240,7 +17601,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17248,7 +17609,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17257,38 +17618,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17299,29 +17660,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17330,7 +17691,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17340,48 +17701,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17390,7 +17751,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17402,7 +17763,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17412,18 +17773,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17431,11 +17792,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17443,7 +17804,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17453,7 +17814,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17463,7 +17824,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17471,28 +17832,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17501,37 +17862,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17539,19 +17900,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy #| msgid "Project name" msgid "Project List" msgstr "परियोजना" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17606,7 +17967,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17707,27 +18068,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17736,7 +18097,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17747,7 +18108,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17810,11 +18179,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17823,65 +18192,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17889,7 +18258,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17900,7 +18269,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17909,33 +18278,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17945,7 +18314,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17955,7 +18324,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17963,7 +18332,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17974,22 +18343,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17998,25 +18367,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18024,13 +18393,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18040,18 +18409,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18059,7 +18428,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18069,7 +18438,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18077,11 +18446,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18092,7 +18461,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18100,7 +18469,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18109,7 +18478,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18117,7 +18486,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18127,20 +18496,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18148,7 +18517,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18157,18 +18526,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18176,13 +18545,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18191,23 +18560,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18216,63 +18585,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18282,7 +18651,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18290,7 +18659,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18299,21 +18668,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18325,11 +18694,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18337,11 +18706,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18349,7 +18718,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18358,14 +18727,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21825,23 +22200,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21849,28 +22224,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21878,44 +22253,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Indonesian `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5146,9 +5146,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5261,7 +5261,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5293,28 +5293,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8390,29 +8403,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8423,31 +8458,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9622,44 +9657,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9669,17 +9718,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9687,17 +9736,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9709,38 +9758,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9751,34 +9800,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9786,58 +9835,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9849,18 +9898,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9871,32 +9920,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9904,17 +9953,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9924,49 +9973,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9974,33 +10023,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10011,17 +10060,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10031,33 +10080,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10068,18 +10117,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10107,17 +10156,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10125,7 +10174,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10144,24 +10193,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10169,21 +10218,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10191,34 +10240,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12266,7 +12315,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13336,6 +13385,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "Spesifikasi" @@ -13473,7 +13523,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "Penerjemahan" @@ -15099,6 +15149,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15271,7 +15617,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17161,12 +17507,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "Penerjemahan" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17176,11 +17537,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17190,7 +17551,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17198,7 +17559,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17206,13 +17567,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Translations" msgid "Installers" msgstr "Penerjemahan" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17222,7 +17583,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17232,14 +17593,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17249,7 +17610,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17257,7 +17618,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17266,38 +17627,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17308,29 +17669,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17339,7 +17700,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17349,48 +17710,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17399,7 +17760,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17411,7 +17772,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17421,18 +17782,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17440,11 +17801,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17452,7 +17813,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17462,7 +17823,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17472,7 +17833,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17480,28 +17841,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17510,38 +17871,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "Penerjemahan" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17549,19 +17910,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17614,7 +17975,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17713,27 +18074,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17742,7 +18103,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17753,7 +18114,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17816,12 +18185,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "Penerjemahan" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17830,65 +18199,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17896,7 +18265,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17907,7 +18276,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17916,33 +18285,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17952,7 +18321,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17962,7 +18331,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17970,7 +18339,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17981,22 +18350,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18005,25 +18374,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18031,13 +18400,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18047,18 +18416,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18066,7 +18435,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18076,7 +18445,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18084,11 +18453,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18099,7 +18468,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18107,7 +18476,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18116,7 +18485,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18124,7 +18493,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18134,20 +18503,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18155,7 +18524,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18164,18 +18533,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18183,13 +18552,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18198,23 +18567,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18223,63 +18592,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18289,7 +18658,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18297,7 +18666,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18306,21 +18675,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18332,11 +18701,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18344,11 +18713,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18356,7 +18725,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18365,14 +18734,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21839,23 +22214,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "dan *import* package tersebut:" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21863,28 +22238,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21892,44 +22267,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Korean `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5181,9 +5181,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5296,7 +5296,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5328,28 +5328,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8426,29 +8439,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8459,31 +8494,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9658,44 +9693,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9705,17 +9754,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9723,17 +9772,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9745,38 +9794,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9787,34 +9836,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9822,58 +9871,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9885,18 +9934,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9907,32 +9956,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9940,17 +9989,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9960,49 +10009,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10010,33 +10059,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10047,17 +10096,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10067,33 +10116,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10104,18 +10153,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10143,17 +10192,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10161,7 +10210,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10180,24 +10229,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10205,21 +10254,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10227,34 +10276,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12302,7 +12351,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13372,6 +13421,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13509,7 +13559,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "번역" @@ -15136,6 +15186,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15308,7 +15654,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17198,12 +17544,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "번역" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17213,11 +17574,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17227,7 +17588,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17235,7 +17596,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17243,13 +17604,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Translations" msgid "Installers" msgstr "번역" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17259,7 +17620,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17269,14 +17630,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17286,7 +17647,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17294,7 +17655,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17303,38 +17664,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17345,29 +17706,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17376,7 +17737,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17386,48 +17747,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17436,7 +17797,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17448,7 +17809,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17458,18 +17819,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17477,11 +17838,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17489,7 +17850,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17499,7 +17860,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17509,7 +17870,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17517,28 +17878,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17547,38 +17908,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "번역" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17586,19 +17947,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy #| msgid "Project" msgid "Project List" msgstr "프로젝트" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17653,7 +18014,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17754,27 +18115,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17783,7 +18144,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17794,7 +18155,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17857,12 +18226,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "번역" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17871,65 +18240,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17937,7 +18306,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17948,7 +18317,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17957,33 +18326,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17993,7 +18362,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18003,7 +18372,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18011,7 +18380,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18022,22 +18391,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18046,25 +18415,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18072,13 +18441,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18088,18 +18457,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18107,7 +18476,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18117,7 +18486,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18125,11 +18494,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18140,7 +18509,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18148,7 +18517,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18157,7 +18526,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18165,7 +18534,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18175,20 +18544,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18196,7 +18565,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18205,18 +18574,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18224,13 +18593,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18239,23 +18608,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18264,63 +18633,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18330,7 +18699,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18338,7 +18707,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18347,21 +18716,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18373,11 +18742,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18385,11 +18754,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18397,7 +18766,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18406,14 +18775,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21881,23 +22256,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21905,28 +22280,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21934,44 +22309,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Chinese (Literary) `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5100,9 +5100,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5215,7 +5215,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5247,28 +5247,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8336,29 +8349,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8369,31 +8404,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9568,44 +9603,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9615,17 +9664,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9633,17 +9682,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9655,38 +9704,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9697,34 +9746,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9732,58 +9781,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9795,18 +9844,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9817,32 +9866,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9850,17 +9899,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9870,49 +9919,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9920,33 +9969,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9957,17 +10006,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9977,33 +10026,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10014,18 +10063,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10053,17 +10102,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10071,7 +10120,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10090,24 +10139,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10115,21 +10164,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10137,34 +10186,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12212,7 +12261,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13282,6 +13331,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13419,7 +13469,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15042,6 +15092,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15212,7 +15558,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17100,11 +17446,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17114,11 +17475,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17128,7 +17489,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17136,7 +17497,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17144,11 +17505,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17158,7 +17519,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17168,14 +17529,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17185,7 +17546,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17193,7 +17554,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17202,38 +17563,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17244,29 +17605,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17275,7 +17636,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17285,48 +17646,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17335,7 +17696,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17347,7 +17708,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17357,18 +17718,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17376,11 +17737,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17388,7 +17749,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17398,7 +17759,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17408,7 +17769,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17416,28 +17777,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17446,37 +17807,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17484,19 +17845,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17549,7 +17910,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17648,27 +18009,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17677,7 +18038,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17688,7 +18049,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17751,11 +18120,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17764,65 +18133,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17830,7 +18199,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17841,7 +18210,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17850,33 +18219,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17886,7 +18255,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17896,7 +18265,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17904,7 +18273,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17915,22 +18284,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17939,25 +18308,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17965,13 +18334,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17981,18 +18350,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18000,7 +18369,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18010,7 +18379,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18018,11 +18387,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18033,7 +18402,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18041,7 +18410,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18050,7 +18419,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18058,7 +18427,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18068,20 +18437,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18089,7 +18458,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18098,18 +18467,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18117,13 +18486,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18132,23 +18501,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18157,63 +18526,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18223,7 +18592,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18231,7 +18600,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18240,21 +18609,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18266,11 +18635,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18278,11 +18647,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18290,7 +18659,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18299,14 +18668,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21764,23 +22139,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21788,28 +22163,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21817,44 +22192,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Macedonian `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5102,9 +5102,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5217,7 +5217,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5249,28 +5249,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8340,29 +8353,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8373,31 +8408,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9572,44 +9607,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9619,17 +9668,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9637,17 +9686,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9659,38 +9708,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9701,34 +9750,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9736,58 +9785,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9799,18 +9848,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9821,32 +9870,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9854,17 +9903,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9874,49 +9923,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9924,33 +9973,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9961,17 +10010,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9981,33 +10030,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10018,18 +10067,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10057,17 +10106,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10075,7 +10124,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10094,24 +10143,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10119,21 +10168,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10141,34 +10190,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12216,7 +12265,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13286,6 +13335,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13423,7 +13473,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15046,6 +15096,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15216,7 +15562,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17104,11 +17450,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17118,11 +17479,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17132,7 +17493,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17140,7 +17501,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17148,11 +17509,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17162,7 +17523,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17172,14 +17533,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17189,7 +17550,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17197,7 +17558,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17206,38 +17567,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17248,29 +17609,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17279,7 +17640,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17289,48 +17650,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17339,7 +17700,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17351,7 +17712,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17361,18 +17722,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17380,11 +17741,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17392,7 +17753,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17402,7 +17763,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17412,7 +17773,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17420,28 +17781,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17450,37 +17811,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17488,19 +17849,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17553,7 +17914,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17652,27 +18013,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17681,7 +18042,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17692,7 +18053,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17755,11 +18124,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17768,65 +18137,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17834,7 +18203,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17845,7 +18214,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17854,33 +18223,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17890,7 +18259,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17900,7 +18269,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17908,7 +18277,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17919,22 +18288,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17943,25 +18312,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17969,13 +18338,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17985,18 +18354,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18004,7 +18373,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18014,7 +18383,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18022,11 +18391,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18037,7 +18406,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18045,7 +18414,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18054,7 +18423,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18062,7 +18431,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18072,20 +18441,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18093,7 +18462,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18102,18 +18471,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18121,13 +18490,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18136,23 +18505,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18161,63 +18530,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18227,7 +18596,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18235,7 +18604,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18244,21 +18613,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18270,11 +18639,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18282,11 +18651,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18294,7 +18663,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18303,14 +18672,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21768,23 +22143,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21792,28 +22167,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21821,44 +22196,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Portuguese (Brazil) `__, which provides the basis " +#| "for most of the software in the `scientific Python stack `_ can be configured to interoperate with different " +#| "FORTRAN libraries, and can take advantage of different levels of " +#| "vectorised instructions available in modern CPUs." msgid "" "In particular, `NumPy `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" "Em particular, `NumPy `__, que fornece a base para a " @@ -6597,13 +6604,22 @@ msgstr "" "disponíveis em CPUs modernas." #: ../source/guides/installing-scientific-packages.rst:19 +#, fuzzy +#| msgid "" +#| "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-" +#| "built 32-bit and 64-bit binaries in the ``wheel`` format are available " +#| "for all major operating systems (Windows, macOS, and Linux) on PyPI. " +#| "Note, however, that on Windows, NumPy binaries are linked against the " +#| "`ATLAS `__ BLAS/LAPACK library, restricted " +#| "to SSE2 instructions, so they may not provide optimal linear algebra " +#| "performance." msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" "A partir da versão 1.10.4 do NumPy e da versão 1.0.0 do SciPy, binários pré-" "construídos de 32 e 64 bits no formato ``wheel`` estão disponíveis para " @@ -6765,7 +6781,7 @@ msgstr "" "ferramentas padrão ``pip`` e ``virtualenv``." #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "Spack" @@ -6813,35 +6829,33 @@ msgid "The conda cross-platform package manager" msgstr "O gerenciador de pacotes multiplataforma conda" #: ../source/guides/installing-scientific-packages.rst:121 -msgid "" -"`Anaconda `_ is a Python " -"distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." -msgstr "" -"`Anaconda `_ é uma " -"distribuição Python publicada pela Anaconda, Inc. É uma coleção estável de " -"pacotes de código aberto para *big data* e uso científico. A partir da " -"versão 5.0 do Anaconda, cerca de 200 pacotes são instalados por padrão, e um " -"total de 400-500 podem ser instalados e atualizados a partir do repositório " -"Anaconda." - -#: ../source/guides/installing-scientific-packages.rst:127 +#, fuzzy +#| msgid "" +#| "``conda`` is an open source (BSD licensed) package management system and " +#| "environment management system included in Anaconda that allows users to " +#| "install multiple versions of binary software packages and their " +#| "dependencies, and easily switch between them. It is a cross-platform tool " +#| "working on Windows, macOS, and Linux. Conda can be used to package up and " +#| "distribute all kinds of packages, it is not limited to just Python " +#| "packages. It has full support for native virtual environments. Conda " +#| "makes environments first-class citizens, making it easy to create " +#| "independent environments even for C libraries. It is written in Python, " +#| "but is Python-agnostic. Conda manages Python itself as a package, so " +#| "that :command:`conda update python` is possible, in contrast to pip, " +#| "which only manages Python packages. Conda is available in Anaconda and " +#| "Miniconda (an easy-to-install download with just Python and conda)." msgid "" "``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." msgstr "" "``conda`` é um sistema de gerenciamento de pacotes e de gerenciamento de " "ambiente de código aberto (licenciado por BSD) incluído no Anaconda que " @@ -6858,6 +6872,44 @@ msgstr "" "Python. O Conda está disponível no Anaconda e no Miniconda (um download " "fácil de instalar com apenas Python e conda)." +#: ../source/guides/installing-scientific-packages.rst:133 +#, fuzzy +#| msgid "" +#| "`Anaconda `_ is a Python " +#| "distribution published by Anaconda, Inc. It is a stable collection of " +#| "Open Source packages for big data and scientific use. As of the 5.0 " +#| "release of Anaconda, about 200 packages are installed by default, and a " +#| "total of 400-500 can be installed and updated from the Anaconda " +#| "repository." +msgid "" +"Anaconda `Anaconda `_ is a Python " +"distribution published by Anaconda, Inc. It is a stable collection of Open " +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." +msgstr "" +"`Anaconda `_ é uma " +"distribuição Python publicada pela Anaconda, Inc. É uma coleção estável de " +"pacotes de código aberto para *big data* e uso científico. A partir da " +"versão 5.0 do Anaconda, cerca de 200 pacotes são instalados por padrão, e um " +"total de 400-500 podem ser instalados e atualizados a partir do repositório " +"Anaconda." + +#: ../source/guides/installing-scientific-packages.rst:135 +msgid "" +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." +msgstr "" + #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 msgid "Installing stand alone command line tools" msgstr "Instalando ferramentas de linha de comando autônomas" @@ -11047,29 +11099,51 @@ msgstr "Enviando seu Projeto para PyPI" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -11080,37 +11154,37 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 #, fuzzy msgid ":ref:`Flit`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 #, fuzzy msgid ":ref:`Hatch`," msgstr "pip, :ref:`bandersnatch`" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 #, fuzzy msgid ":doc:`nox `," msgstr ":doc:`Documentação `" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 #, fuzzy msgid ":ref:`PDM`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 #, fuzzy msgid ":ref:`Pipenv`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 #, fuzzy msgid ":ref:`Poetry`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 #, fuzzy msgid ":doc:`tox `." msgstr ":doc:`Documentação `" @@ -12716,41 +12790,66 @@ msgstr ":doc:`Documentação `" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -"conda é a ferramenta de gerenciamento de pacotes para as instalações do " -"`Anaconda `__ Python . Anaconda Python " -"é uma distribuição do `Anaconda, Inc `__ voltada especificamente para a comunidade científica, e em " -"particular no Windows onde a instalação de extensões binárias é " -"frequentemente difícil ." -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 +#, fuzzy +#| msgid "" +#| "Conda is a completely separate tool from :ref:`pip`, virtualenv and " +#| "wheel, but provides many of their combined features in terms of package " +#| "management, virtual environment management and deployment of binary " +#| "extensions." msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." msgstr "" "Conda é uma ferramenta completamente separada de :ref:`pip`, virtualenv e " "wheel, mas fornece muitos de seus recursos combinados em termos de " "gerenciamento de pacotes, gerenciamento de ambiente virtual e implantação de " "extensões binárias." -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:420 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" +msgstr "" + +#: ../source/key_projects.rst:426 +#, fuzzy +#| msgid "" +#| "Conda does not install packages from PyPI and can install only from the " +#| "official Anaconda repositories, or anaconda.org (a place for user-" +#| "contributed *conda* packages), or a local (e.g. intranet) package " +#| "server. However, note that :ref:`pip` can be installed into, and work " +#| "side-by-side with conda for managing :term:`distributions ` from PyPI. Also, `conda skeleton `__ is a tool to make Python packages installable by conda by first " +#| "fetching them from PyPI and modifying their metadata." +msgid "" +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" "O Conda não instala pacotes do PyPI e pode instalar apenas a partir dos " "repositórios oficiais do Anaconda, ou anaconda.org (um local para pacotes " @@ -12762,11 +12861,11 @@ msgstr "" "skeleton.html>`__ é uma ferramenta para fazer pacotes Python instaláveis " "pelo conda primeiro obtendo-os em PyPI e modificando seus metadados." -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "devpi" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" @@ -12774,7 +12873,7 @@ msgstr "" "`Documentação `__ | :gh:`Issues ` | `PyPI `__" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 #, fuzzy msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " @@ -12789,11 +12888,11 @@ msgstr "" "atividades de empacotamento, teste e lançamento com Python. devpi também " "fornece uma interface web navegável e pesquisável." -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 #, fuzzy msgid "" "`GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -12810,11 +12909,11 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "enscons" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" @@ -12822,7 +12921,7 @@ msgstr "" ":gh:`Código-fonte ` | :gh:`Issues ` | " "`PyPI `__" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -12843,11 +12942,11 @@ msgstr "" "construídos automaticamente por :ref:`pip`, e wheels que são independentes " "de enscons." -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "Hashdist" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" @@ -12879,7 +12978,7 @@ msgstr "" "`Documentação `__ | `GitHub " "`__" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -12898,11 +12997,11 @@ msgstr "" "pacotes sem estado, com cache e com capacidade de distribuição. É usado por " "alguns pesquisadores, mas não tem manutenção desde 2016." -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "Maturin" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" @@ -12910,7 +13009,7 @@ msgstr "" "`Documentação `__ | `GitHub `__" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " @@ -12921,11 +13020,11 @@ msgstr "" "em Windows, Linux, macOS e FreeBSD, pode enviá-las para PyPI e tem suporte " "básico a PyPy e GraalPy." -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "meson-python" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" @@ -12933,7 +13032,7 @@ msgstr "" "`Documentação `__ | `GitHub " "`__" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -12946,15 +13045,15 @@ msgstr "" "variedade de linguagens, incluindo C, e é capaz de atender às necessidades " "das configurações de compilação mais complexas." -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "multibuild" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "`GitHub `__" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" @@ -12964,25 +13063,25 @@ msgstr "" "term:`wheels ` para Linux, macOS e (menos flexível) Windows. Veja " "também :ref:`cibuildwheel`." -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "pdm" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -12990,7 +13089,7 @@ msgstr "" "`Documentação `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." @@ -12999,7 +13098,7 @@ msgstr "" "`pyproject.toml` para armazenar metadados do projeto conforme definido em :" "pep:`621`." -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13007,7 +13106,7 @@ msgstr "" "`Documentação `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -13019,11 +13118,11 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "pip-tools" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -13052,11 +13151,11 @@ msgstr "" "programa, atualizar todas as dependências (um recurso :ref:`pip` atualmente " "não fornece) e criar camadas de restrições para o programa obedecer." -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -13064,17 +13163,17 @@ msgstr "" "`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "piwheels" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" @@ -13082,7 +13181,7 @@ msgstr "" "`Site `__ | :doc:`Documentação ` " "| `GitHub `__" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -13094,11 +13193,11 @@ msgstr "" "otimizadas para instalação em computadores Raspberry Pi. O Raspberry Pi OS " "pré-configura pip para usar piwheels.org como um índice adicional para PyPI." -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "poetry" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13106,7 +13205,7 @@ msgstr "" "`Documentação `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -13123,11 +13222,11 @@ msgstr "" "dependências, armazenando localmente em cache os metadados sobre as " "dependências." -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -13135,18 +13234,18 @@ msgstr "" "`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 #, fuzzy msgid "Pulp-python" msgstr "python" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -13183,12 +13282,12 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 #, fuzzy msgid "pypiprivate" msgstr "pypiserver" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "pypiserver" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" @@ -13215,7 +13314,7 @@ msgstr "" "`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 #, fuzzy msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" @@ -13233,11 +13332,11 @@ msgstr "" "sem publicá-los publicamente. As organizações que usam o pypiserver " "geralmente baixam pacotes tanto do pypiserver quanto do PyPI." -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "PyScaffold" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13245,7 +13344,7 @@ msgstr "" "`Documentação `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -13262,11 +13361,11 @@ msgstr "" "imediatamente. PyScaffold também pode ser usado com projetos existentes para " "tornar o empacotamento mais fácil." -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -13274,17 +13373,17 @@ msgstr "" "`GitHub e documentação `__ | `PyPI `__" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "scikit-build" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -13313,11 +13412,11 @@ msgstr "" "instalar `ninja `__ (também disponível em " "PyPI)." -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "scikit-build-core" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__ | `PyPI " "`__" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" @@ -13356,7 +13455,7 @@ msgstr "" "`Documentação `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -13368,11 +13467,11 @@ msgstr "" "suas dependências incluídas. Seu objetivo principal é tornar a distribuição " "Python de aplicações e ferramentas de linha de comando rápida e fácil." -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -13389,7 +13488,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__ | `Slides `__" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -13419,7 +13518,7 @@ msgstr "" "no mesmo sistema. O Spack foi projetado para construir rapidamente " "aplicações científicas de alto desempenho em clusters e supercomputadores." -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." @@ -13427,11 +13526,11 @@ msgstr "" "O Spack não está no PyPI (ainda), mas não requer instalação e pode ser usado " "imediatamente após a clonagem do GitHub." -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "zest.releaser" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -13454,15 +13553,15 @@ msgstr "" "versão de pacote, atualizando changelogs, marcando lançamentos no controle " "de fontes e enviando novos pacotes para PyPI." -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "Projetos de biblioteca padrão" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "ensurepip" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" @@ -13470,7 +13569,7 @@ msgstr "" "`Documentação `__ | " "`Issues `__" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -13482,12 +13581,12 @@ msgstr "" "Na maioria dos casos, os usuários finais não usarão este módulo, mas em vez " "disso, ele será usado durante a construção da distribuição Python." -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 #, fuzzy msgid "http.server" msgstr "pypiserver" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 #, fuzzy msgid "" ":doc:`Docs ` | :gh:`Issues `__ | " "`Issues `__" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "venv" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" @@ -13515,7 +13614,7 @@ msgstr "" "`Documentação `__ | " "`Issues `__" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -16184,7 +16283,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -17595,6 +17694,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "Especificação" @@ -17775,7 +17875,7 @@ msgid "" msgstr "Se vários extras forem listados, todas as dependências serão unidas." #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "Versões" @@ -19769,6 +19869,310 @@ msgstr "" "padrões e de proposição de novos está documentado em `pypa.io `__." +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +#, fuzzy +#| msgid "" +#| "This document describes the dependency specifiers format as originally " +#| "specified in :pep:`508`." +msgid "This specification was originally defined in :pep:`740`." +msgstr "" +"Este documento descreve o formato dos especificadores de dependência " +"conforme originalmente especificado na :pep:`508`." + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +#, fuzzy +#| msgid "Existing projects" +msgid "Attestation objects" +msgstr "Projetos existentes" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 #, fuzzy msgid "Inline script metadata" @@ -19941,7 +20345,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 #, fuzzy msgid "Recommendations" msgstr "Recomendações de ferramentas" @@ -22227,12 +22631,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "Nomes não normalizados válidos" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -22242,11 +22661,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -22256,7 +22675,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -22264,7 +22683,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -22272,12 +22691,12 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy msgid "Installers" msgstr "Instalador" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -22287,7 +22706,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -22297,14 +22716,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -22314,7 +22733,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -22322,7 +22741,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -22331,38 +22750,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -22373,29 +22792,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -22404,7 +22823,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -22414,49 +22833,49 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy msgid "Clients" msgstr "Conteúdo" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -22465,7 +22884,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -22477,7 +22896,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -22487,19 +22906,19 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 #, fuzzy msgid "Backwards Compatibility" msgstr "Compatibilidade da ABI" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -22507,11 +22926,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -22519,7 +22938,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -22529,7 +22948,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -22539,7 +22958,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -22547,28 +22966,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -22577,38 +22996,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "Normalização" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -22616,19 +23035,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy msgid "Project List" msgstr "Projeto" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 #, fuzzy msgid "As an example:" msgstr "Um exemplo completo" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -22683,7 +23102,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -22794,27 +23213,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -22823,7 +23242,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -22834,7 +23253,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -22898,12 +23325,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "Versão" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -22912,65 +23339,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -22978,7 +23405,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -22989,7 +23416,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -22998,33 +23425,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -23034,7 +23461,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -23044,7 +23471,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -23052,7 +23479,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -23063,22 +23490,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -23087,25 +23514,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -23113,13 +23540,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -23129,19 +23556,19 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 #, fuzzy msgid "Endpoint Configuration" msgstr "Configurações comuns" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -23149,7 +23576,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -23159,7 +23586,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -23167,11 +23594,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -23182,7 +23609,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -23190,7 +23617,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -23199,7 +23626,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -23207,7 +23634,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -23217,20 +23644,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -23238,7 +23665,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -23247,18 +23674,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -23266,13 +23693,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -23281,23 +23708,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -23306,63 +23733,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -23372,7 +23799,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -23380,7 +23807,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -23389,22 +23816,22 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 #, fuzzy msgid "Additional file information" msgstr "Notas adicionais" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -23416,11 +23843,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -23428,11 +23855,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -23440,7 +23867,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -23449,14 +23876,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` e instale seu pacote a partir do Test PyPI:" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "Certifique-se de especificar seu nome de usuário no nome do pacote!" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" "pip deve instalar o pacote de Test PyPI e a saída deve ser semelhante a esta:" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -27487,7 +27917,7 @@ msgstr "" "pacote de exemplo não tenha nenhuma dependência, é uma boa prática evitar " "instalar dependências ao usar o Test PyPI." -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" @@ -27495,17 +27925,17 @@ msgstr "" "Você pode testar se ele foi instalado corretamente importando o pacote. " "Certifique-se de que ainda está em seu ambiente virtual e execute o Python:" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "e importe o pacote:" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "**Parabéns, você empacotou e distribuiu um projeto Python!** ✨ 🍰 ✨" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -27517,7 +27947,7 @@ msgstr "" "ocasionalmente exclui pacotes e contas. É melhor usar Test PyPI para testes " "e experimentos como este tutorial." -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " @@ -27527,7 +27957,7 @@ msgstr "" "do Python, você pode fazer quase o mesmo que fez neste tutorial, mas com " "estas diferenças importantes:" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " @@ -27537,7 +27967,7 @@ msgstr "" "acrescentar seu nome de usuário como fez no tutorial, mas você não pode usar " "um nome existente." -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " @@ -27547,7 +27977,7 @@ msgstr "" "servidores separados e os detalhes de login do servidor de teste não são " "compartilhados com o servidor principal." -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -27559,7 +27989,7 @@ msgstr "" "pacote em produção, você não precisa especificar ``--repository``; o pacote " "será enviado para https://pypi.org/ por padrão." -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." @@ -27567,7 +27997,7 @@ msgstr "" "Instale seu pacote a partir do PyPI real usando ``python3 -m pip install " "[seu-pacote]``." -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" @@ -27575,21 +28005,21 @@ msgstr "" "Neste ponto, se você quiser ler mais sobre o empacotamento de bibliotecas " "Python, aqui estão algumas coisas que você pode fazer:" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" @@ -27599,11 +28029,11 @@ msgstr "" "de linha de comando para gerenciamento e empacotamento de projetos, como :" "ref:`hatch`, :ref:`flit`, :ref:`pdm` e :ref:`poetry`." -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "Notas" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__ Python installations. Anaconda Python is a distribution " +#~ "from `Anaconda, Inc `__ " +#~ "specifically aimed at the scientific community, and in particular on " +#~ "Windows where the installation of binary extensions is often difficult." +#~ msgstr "" +#~ "conda é a ferramenta de gerenciamento de pacotes para as instalações do " +#~ "`Anaconda `__ Python . Anaconda " +#~ "Python é uma distribuição do `Anaconda, Inc `__ voltada especificamente para a comunidade " +#~ "científica, e em particular no Windows onde a instalação de extensões " +#~ "binárias é frequentemente difícil ." + +#~ msgid "" +#~ "You will be prompted for a username and password. For the username, use " +#~ "``__token__``. For the password, use the token value, including the " +#~ "``pypi-`` prefix." +#~ msgstr "" +#~ "Você será solicitado a fornecer um nome de usuário e uma senha. Para o " +#~ "nome de usuário, use ``__token__``. Para a senha, use o valor do token, " +#~ "incluindo o prefixo ``pypi-``." + #~ msgid "" #~ "A table of URLs where the key is the URL label and the value is the URL " #~ "itself." diff --git a/locales/ro/LC_MESSAGES/messages.po b/locales/ro/LC_MESSAGES/messages.po index d3f4b14bd..16a13a4f2 100644 --- a/locales/ro/LC_MESSAGES/messages.po +++ b/locales/ro/LC_MESSAGES/messages.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-10-30 00:39+0000\n" +"POT-Creation-Date: 2024-11-25 21:53+0000\n" "PO-Revision-Date: 2021-08-20 01:32+0000\n" "Last-Translator: GUILHERME FERNANDES NETO \n" "Language-Team: Romanian `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5100,9 +5100,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5215,7 +5215,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5247,28 +5247,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8338,29 +8351,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8371,31 +8406,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9570,44 +9605,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9617,17 +9666,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9635,17 +9684,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9657,38 +9706,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9699,34 +9748,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9734,58 +9783,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9797,18 +9846,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9819,32 +9868,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9852,17 +9901,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9872,49 +9921,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9922,33 +9971,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9959,17 +10008,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9979,33 +10028,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10016,18 +10065,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10055,17 +10104,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10073,7 +10122,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10092,24 +10141,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10117,21 +10166,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10139,34 +10188,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12214,7 +12263,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13284,6 +13333,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13421,7 +13471,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15044,6 +15094,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15214,7 +15560,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17102,11 +17448,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17116,11 +17477,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17130,7 +17491,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17138,7 +17499,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17146,11 +17507,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17160,7 +17521,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17170,14 +17531,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17187,7 +17548,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17195,7 +17556,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17204,38 +17565,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17246,29 +17607,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17277,7 +17638,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17287,48 +17648,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17337,7 +17698,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17349,7 +17710,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17359,18 +17720,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17378,11 +17739,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17390,7 +17751,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17400,7 +17761,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17410,7 +17771,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17418,28 +17779,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17448,37 +17809,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17486,19 +17847,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17551,7 +17912,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17650,27 +18011,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17679,7 +18040,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17690,7 +18051,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17753,11 +18122,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17766,65 +18135,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17832,7 +18201,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17843,7 +18212,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17852,33 +18221,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17888,7 +18257,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17898,7 +18267,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17906,7 +18275,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17917,22 +18286,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17941,25 +18310,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17967,13 +18336,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17983,18 +18352,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18002,7 +18371,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18012,7 +18381,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18020,11 +18389,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18035,7 +18404,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18043,7 +18412,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18052,7 +18421,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18060,7 +18429,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18070,20 +18439,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18091,7 +18460,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18100,18 +18469,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18119,13 +18488,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18134,23 +18503,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18159,63 +18528,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18225,7 +18594,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18233,7 +18602,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18242,21 +18611,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18268,11 +18637,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18280,11 +18649,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18292,7 +18661,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18301,14 +18670,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21766,23 +22141,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21790,28 +22165,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21819,44 +22194,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Russian `__, which provides the basis " +#| "for most of the software in the `scientific Python stack `_ can be configured to interoperate with different " +#| "FORTRAN libraries, and can take advantage of different levels of " +#| "vectorised instructions available in modern CPUs." msgid "" "In particular, `NumPy `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" "В частности, `NumPy `__, который является основой для " @@ -6640,13 +6647,22 @@ msgstr "" "инструкций, доступных в современных процессорах." #: ../source/guides/installing-scientific-packages.rst:19 +#, fuzzy +#| msgid "" +#| "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-" +#| "built 32-bit and 64-bit binaries in the ``wheel`` format are available " +#| "for all major operating systems (Windows, macOS, and Linux) on PyPI. " +#| "Note, however, that on Windows, NumPy binaries are linked against the " +#| "`ATLAS `__ BLAS/LAPACK library, restricted " +#| "to SSE2 instructions, so they may not provide optimal linear algebra " +#| "performance." msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" "Начиная с версии 1.10.4 NumPy и версии 1.0.0 SciPy, на PyPI доступны " "предварительно собранные 32- и 64-битные двоичные файлы в формате ``колеса'' " @@ -6809,7 +6825,7 @@ msgstr "" "инструментарием на базе ``pip`` и ``virtualenv``." #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "Spack" @@ -6856,35 +6872,33 @@ msgid "The conda cross-platform package manager" msgstr "Кроссплатформенный менеджер пакетов conda" #: ../source/guides/installing-scientific-packages.rst:121 -msgid "" -"`Anaconda `_ is a Python " -"distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." -msgstr "" -"Anaconda `_ - дистрибутив " -"Python, опубликованный компанией Anaconda, Inc. Он представляет собой " -"стабильную коллекцию пакетов с открытым исходным кодом для работы с большими " -"данными и научного использования. В релизе 5.0 Anaconda по умолчанию " -"установлено около 200 пакетов, а всего из репозитория Anaconda можно " -"установить и обновить 400-500 пакетов." - -#: ../source/guides/installing-scientific-packages.rst:127 +#, fuzzy +#| msgid "" +#| "``conda`` is an open source (BSD licensed) package management system and " +#| "environment management system included in Anaconda that allows users to " +#| "install multiple versions of binary software packages and their " +#| "dependencies, and easily switch between them. It is a cross-platform tool " +#| "working on Windows, macOS, and Linux. Conda can be used to package up and " +#| "distribute all kinds of packages, it is not limited to just Python " +#| "packages. It has full support for native virtual environments. Conda " +#| "makes environments first-class citizens, making it easy to create " +#| "independent environments even for C libraries. It is written in Python, " +#| "but is Python-agnostic. Conda manages Python itself as a package, so " +#| "that :command:`conda update python` is possible, in contrast to pip, " +#| "which only manages Python packages. Conda is available in Anaconda and " +#| "Miniconda (an easy-to-install download with just Python and conda)." msgid "" "``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." msgstr "" "``conda`` - это система управления пакетами с открытым исходным кодом " "(лицензия BSD) и система управления окружением, входящая в состав Anaconda, " @@ -6901,6 +6915,44 @@ msgstr "" "пакетами Python. Conda доступна в версиях Anaconda и Miniconda (простая в " "установке загрузка, содержащая только Python и conda)." +#: ../source/guides/installing-scientific-packages.rst:133 +#, fuzzy +#| msgid "" +#| "`Anaconda `_ is a Python " +#| "distribution published by Anaconda, Inc. It is a stable collection of " +#| "Open Source packages for big data and scientific use. As of the 5.0 " +#| "release of Anaconda, about 200 packages are installed by default, and a " +#| "total of 400-500 can be installed and updated from the Anaconda " +#| "repository." +msgid "" +"Anaconda `Anaconda `_ is a Python " +"distribution published by Anaconda, Inc. It is a stable collection of Open " +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." +msgstr "" +"Anaconda `_ - дистрибутив " +"Python, опубликованный компанией Anaconda, Inc. Он представляет собой " +"стабильную коллекцию пакетов с открытым исходным кодом для работы с большими " +"данными и научного использования. В релизе 5.0 Anaconda по умолчанию " +"установлено около 200 пакетов, а всего из репозитория Anaconda можно " +"установить и обновить 400-500 пакетов." + +#: ../source/guides/installing-scientific-packages.rst:135 +msgid "" +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." +msgstr "" + #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 msgid "Installing stand alone command line tools" msgstr "Установка отдельных инструментов командной строки" @@ -11127,11 +11179,17 @@ msgid "Uploading to PyPI" msgstr "Загрузка на PyPI" #: ../source/guides/tool-recommendations.rst:142 +#, fuzzy +#| msgid "" +#| "For projects hosted on GitHub, it is recommended to use the :ref:`trusted " +#| "publishing `, which allows the package to be securely " +#| "uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " +#| "software forges other than GitHub.)" msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" "Для проектов, размещенных на GitHub, рекомендуется использовать : ссылка:" "`доверенная публикация <доверенная публикация>`, которая позволяет безопасно " @@ -11140,12 +11198,34 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" "Другой доступный способ - загрузить пакет вручную с помощью : ссылка:`twine`." -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." @@ -11154,11 +11234,11 @@ msgstr "" "Помимо того, что он является : ссылка:`утратившим актуальность `, он еще и небезопасен." -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "Инструменты рабочего процесса" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -11177,31 +11257,31 @@ msgstr "" "для приложений. Часто они вызывают инструменты, упомянутые выше под капотом. " "В алфавитном порядке:" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr ":ссылка:`Flit`," -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr ":ссылка:`Hatch`," -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr ": документ:`nox `," -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr ":ссылка:`PDM`," -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr ":ссылка:`Pipenv`," -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr ":ссылка:`Поэзия`," -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr ": документ:`токсический <токсический:индекс>`." @@ -12805,40 +12885,66 @@ msgstr ":doc:`Документы `" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -"conda - это инструмент управления пакетами для установки `Anaconda `__ Python. Anaconda Python - это дистрибутив от " -"`Anaconda, Inc `__, " -"ориентированный на научное сообщество, в частности, на Windows, где " -"установка бинарных расширений часто бывает затруднена." -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 +#, fuzzy +#| msgid "" +#| "Conda is a completely separate tool from :ref:`pip`, virtualenv and " +#| "wheel, but provides many of their combined features in terms of package " +#| "management, virtual environment management and deployment of binary " +#| "extensions." msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." msgstr "" "Conda является совершенно отдельным инструментом от :ref:`pip`, virtualenv и " "wheel, но предоставляет многие из их объединенных возможностей в плане " "управления пакетами, виртуальным окружением и развертыванием бинарных " "расширений." -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:420 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" +msgstr "" + +#: ../source/key_projects.rst:426 +#, fuzzy +#| msgid "" +#| "Conda does not install packages from PyPI and can install only from the " +#| "official Anaconda repositories, or anaconda.org (a place for user-" +#| "contributed *conda* packages), or a local (e.g. intranet) package " +#| "server. However, note that :ref:`pip` can be installed into, and work " +#| "side-by-side with conda for managing :term:`distributions ` from PyPI. Also, `conda skeleton `__ is a tool to make Python packages installable by conda by first " +#| "fetching them from PyPI and modifying their metadata." +msgid "" +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" "Conda не устанавливает пакеты из PyPI и может устанавливать их только из " "официальных репозиториев Anaconda, или с anaconda.org (место для " @@ -12851,11 +12957,11 @@ msgstr "" "устанавливаемыми conda, предварительно получив их из PyPI и изменив их " "метаданные." -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "devpi" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" @@ -12863,7 +12969,7 @@ msgstr "" "`Документы `__ | :gh:`Проблемы ` | `PyPI `__" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -12880,11 +12986,11 @@ msgstr "" "наследованием, синхронизацию между этими индексами, репликацию индекса и " "восстановление после отказа, а также загрузку пакетов." -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "dumb-pypi" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" @@ -12892,7 +12998,7 @@ msgstr "" "`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -12904,11 +13010,11 @@ msgstr "" "статическом файловом веб-сервере, чтобы стать пакетным индексом. Он " "поддерживает обслуживание хэша, основных метаданных и yank-статуса." -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "enscons" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" @@ -12916,7 +13022,7 @@ msgstr "" ":gh:`Source ` | :gh:`Проблемы ` | " "`PyPI `__" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -12936,11 +13042,11 @@ msgstr "" "Enscons помогает вам создавать sdists, которые могут быть автоматически " "собраны :ref:`pip`, и колеса, которые не зависят от enscons." -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "Flask-Pypi-Proxy" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" @@ -12949,12 +13055,12 @@ msgstr "" "` | `PyPI `__" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "Не поддерживается, проект сдан в архив" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." @@ -12962,11 +13068,11 @@ msgstr "" "Flask-Pypi-Proxy - это : термин:`индекс пакета <Индекс пакета>` в качестве " "кэшированного прокси для PyPI." -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "Hashdist" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" @@ -12974,7 +13080,7 @@ msgstr "" "`Документы `__ | `GitHub " "`__" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -12992,11 +13098,11 @@ msgstr "" "делает распространение пакетов нестационарным, кэшируемым и ветвящимся. " "Используется некоторыми исследователями, но с 2016 года не поддерживается." -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "Maturin" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" @@ -13004,7 +13110,7 @@ msgstr "" "`Документы `__ | `GitHub `__" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " @@ -13015,11 +13121,11 @@ msgstr "" "и FreeBSD, может загружать их в PyPI и имеет базовую поддержку PyPy и " "GraalPy." -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "meson-python" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" @@ -13027,7 +13133,7 @@ msgstr "" "`Документы `__ | `GitHub " "`__" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -13039,15 +13145,15 @@ msgstr "" "сборки для своего пакета. Он поддерживает широкий спектр языков, включая C, " "и способен удовлетворить потребности большинства сложных конфигураций сборки." -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "multibuild" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "`GitHub `__" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" @@ -13057,15 +13163,15 @@ msgstr "" "`wheels ` для Linux, macOS и (менее гибко) Windows. Также смотрите :" "ref:`cibuildwheel`." -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "nginx_pypi_cache" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr ":gh:`GitHub `" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." @@ -13073,11 +13179,11 @@ msgstr "" "nginx_pypi_cache - это : термин:`пакетный индекс <пакетный индекс>` " "кэширующего прокси, использующего `nginx `_." -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "pdm" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13085,7 +13191,7 @@ msgstr "" "`Документы `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." @@ -13094,7 +13200,7 @@ msgstr "" "`pyproject.toml` для хранения метаданных проекта, как определено в :pep:" "`621`." -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13102,7 +13208,7 @@ msgstr "" "`Документы `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -13123,11 +13229,11 @@ msgstr "" "инструменты, поддерживающие превращение PEX-файла в стандартный venv, " "построение графиков зависимостей и многое другое." -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "pip-инструменты" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -13157,17 +13263,17 @@ msgstr "" "предоставляет), а также создать слои ограничений, которым должна подчиняться " "программа." -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "pip2pi" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" ":gh:`GitHub <волевой/pip2pi>` | `PyPI `__" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." @@ -13175,11 +13281,11 @@ msgstr "" "pip2pi - это сервер : термин:`индекс пакетов <Индекс пакетов>`, на котором " "вручную синхронизируются определенные пакеты." -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "piwheels" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" @@ -13187,7 +13293,7 @@ msgstr "" "Веб-сайт `__ | :doc:`Docs ` | " "`GitHub `__" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -13200,11 +13306,11 @@ msgstr "" "В Raspberry Pi OS предварительно настроен pip на использование piwheels.org " "в качестве дополнительного индекса к PyPI." -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "поэзия" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13212,7 +13318,7 @@ msgstr "" "`Документы `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -13228,17 +13334,17 @@ msgstr "" "зависимостей. Он пытается ускорить процесс установки и разрешения " "зависимостей, локально кэшируя метаданные о зависимостях." -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "proxpi" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" ":gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." @@ -13246,11 +13352,11 @@ msgstr "" "proxpi - это простой : термин:`индекс пакетов <Индекс пакетов>`, который " "проксирует PyPI и другие индексы с кэшированием." -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "Pulp-python" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" @@ -13258,7 +13364,7 @@ msgstr "" "`Документация `__ | :gh:`GitHub " "` | `PyPI `__." -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " @@ -13269,11 +13375,11 @@ msgstr "" "поддерживаемые локальным или `AWS S3`_, загрузку пакетов и проксирование к " "нескольким индексам пакетов." -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "Облако PyPI" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" @@ -13281,7 +13387,7 @@ msgstr "" "`Документация `__ | :gh:`GitHub ` | `PyPI `__." -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -13293,11 +13399,11 @@ msgstr "" "файлы. PyPI Облако поддерживает перенаправление/кэширование прокси для PyPI, " "а также аутентификацию и авторизацию." -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "pypiprivate" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -13305,7 +13411,7 @@ msgstr "" ":gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." @@ -13313,11 +13419,11 @@ msgstr "" "pypiprivate обслуживает локальную (или размещенную на `AWS S3`_ директорию " "пакетов как : термин:`пакетный индекс <Пакетный индекс>`." -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "pypiserver" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" @@ -13325,7 +13431,7 @@ msgstr "" "`GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -13343,11 +13449,11 @@ msgstr "" "не публикуя их публично. Организации, использующие pypiserver, обычно " "загружают пакеты как с pypiserver, так и с PyPI." -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "PyScaffold" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -13355,7 +13461,7 @@ msgstr "" "`Документы `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -13372,17 +13478,17 @@ msgstr "" "PyScaffold также можно использовать с существующими проектами, чтобы " "упростить их упаковку." -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "pywharf" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" ":gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." @@ -13390,11 +13496,11 @@ msgstr "" "pywharf - это сервер : термин:`пакетный индекс <Пакетный индекс>`, " "обслуживающий файлы локально или с `GitHub `_." -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "scikit-build" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -13422,11 +13528,11 @@ msgstr "" "распараллеливания сборки больших проектов пользователь может установить " "`ninja `__ (также доступен на PyPI)." -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "scikit-build-core" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__ | `PyPI " "`__" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" @@ -13464,7 +13570,7 @@ msgstr "" "`Документы `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -13476,11 +13582,11 @@ msgstr "" "Ее основная цель - сделать распространение Python-приложений и инструментов " "командной строки быстрым и легким." -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "simpleindex" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -13488,7 +13594,7 @@ msgstr "" ":gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -13501,7 +13607,7 @@ msgstr "" "пользовательского плагина) каталоги пакетов, а также поддерживает " "пользовательские плагины." -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__ | `Slides `__" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -13531,7 +13637,7 @@ msgstr "" "разработан для быстрого создания высокопроизводительных научных приложений " "на кластерах и суперкомпьютерах." -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." @@ -13539,11 +13645,11 @@ msgstr "" "Spack нет в PyPI (пока), но он не требует установки и может быть использован " "сразу после клонирования с GitHub." -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "zest.releaser" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -13566,15 +13672,15 @@ msgstr "" "пакетов, обновления журналов изменений, маркировки релизов в системе " "контроля исходного кода и загрузки новых пакетов в PyPI." -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "Проекты в стандартное библиотеке" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "ensurepip" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" @@ -13582,7 +13688,7 @@ msgstr "" "`Документация `__ | " "`Замечания `__" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -13594,11 +13700,11 @@ msgstr "" "случаев конечные пользователи не будут использовать этот модуль, скорее он " "будет использоваться во время сборки дистрибутива Python." -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "http.server" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" @@ -13606,7 +13712,7 @@ msgstr "" ": Док:`Документы ` | :gh:`Выпуски `" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" @@ -13616,11 +13722,11 @@ msgstr "" "сайта, например, как : термин:`пакетный индекс <Пакетный индекс>` (см. :" "ссылка:`Хостинг собственного простого репозитория`)." -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "venv" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" @@ -13628,7 +13734,7 @@ msgstr "" "`Документация `__ | `Замечания " "`__" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -16267,7 +16373,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -17673,6 +17779,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "Спецификация" @@ -17853,7 +17960,7 @@ msgstr "" "Если перечислено несколько дополнений, все зависимости объединяются вместе." #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "Версии" @@ -20114,6 +20221,308 @@ msgstr "" "стандартов и предложения новых задокументирован на сайте `pypa.io `__." +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +#, fuzzy +#| msgid "" +#| "This specification was originally defined in :pep:`518` and :pep:`621`." +msgid "This specification was originally defined in :pep:`740`." +msgstr "" +"Эта спецификация была первоначально определена в :pep:`518` и :pep:`621`." + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +#, fuzzy +#| msgid "Existing projects" +msgid "Attestation objects" +msgstr "Существующие проекты" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "Встроенные метаданные сценария" @@ -20345,7 +20754,7 @@ msgid "" msgstr "Ниже приведен пример чтения потока произвольных блоков метаданных." #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "Рекомендации" @@ -22892,11 +23301,26 @@ msgstr "" "В значении атрибута < и > должны быть закодированы в HTML как ``<`` и " "``>``, соответственно." -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "Нормализованные названия" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -22912,11 +23336,11 @@ msgstr "" "символов ``.``, ``-`` или ``_`` должны быть заменены одним символом ``-``. " "Это можно реализовать на языке Python с помощью модуля ``re``::" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "Добавление поддержки \"Янк\" в простой API" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -22932,7 +23356,7 @@ msgstr "" "\"выдернут\", и не должен выбираться программой установки, за исключением " "особых случаев." -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -22944,7 +23368,7 @@ msgstr "" "выдернут. Инструменты, обрабатывающие простой API репозитория, **МОГУТ** " "отображать эту строку для конечных пользователей." -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -22956,11 +23380,11 @@ msgstr "" "пользователи API **МОГУТ** быть в состоянии справиться с тем, что файл с " "атрибутом yanked может быть \"отменен\" (и даже снова отменен)." -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "Установщики" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -22976,7 +23400,7 @@ msgstr "" "первоначальному приказу установить удаленный файл, то он ведет себя так, как " "будто он не был удален." -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -22992,7 +23416,7 @@ msgstr "" "**ДОЛЖНА** выбрать политику, которая следует духу вышеуказанного намерения и " "предотвращает \"новые\" зависимости от выдернутых релизов/файлов." -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " @@ -23002,7 +23426,7 @@ msgstr "" "вписать это в общее использование своего инсталлятора. Однако можно " "предложить два подхода:" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -23020,7 +23444,7 @@ msgstr "" "спецификаторы>` для таких вещей, как локальные версии, нулевые подстановки и " "т.д." -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -23033,7 +23457,7 @@ msgstr "" "этом случае выдернутый файл **ДОЛЖЕН** не использоваться при создании или " "обновлении файла блокировки из какого-либо входного файла или команды." -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -23049,15 +23473,15 @@ msgstr "" "пользователю более конкретную информацию о том, почему этот файл был " "выдернут." -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "Зеркала" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "Как правило, зеркала можно обрабатывать одним из двух способов:" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " @@ -23067,7 +23491,7 @@ msgstr "" "предоставляя представление репозитория, в котором отображаются только " "\"активные\", незаанкетированные файлы." -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." @@ -23075,7 +23499,7 @@ msgstr "" "Они могут выбрать включение выдернутых файлов и дополнительно отразить " "атрибут ``данные выдернуты``." -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." @@ -23083,11 +23507,11 @@ msgstr "" "Зеркала **МОГУТ НЕ** зеркалировать выдернутый файл, не зеркалируя также " "атрибут ``данные выдернуты`` для него." -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "Версионирование простого API PyPI" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -23105,15 +23529,15 @@ msgstr "" "возможностей, поддерживаемых :ссылка:`спецификация версий <версия-" "спецификаторы>`." -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "В итоге это будет выглядеть так::" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "При интерпретации версии репозитория:" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " @@ -23123,7 +23547,7 @@ msgstr "" "несовместимом с обратной стороной, когда существующие клиенты уже не смогут " "полноценно использовать API." -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " @@ -23133,7 +23557,7 @@ msgstr "" "изменении обратной совместимости, так что ожидается, что существующие " "клиенты все еще смогут полноценно использовать API." -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -23147,7 +23571,7 @@ msgstr "" "использовать API, и это может включать добавление, модификацию или удаление " "существующих функций." -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -23163,7 +23587,7 @@ msgstr "" "который жил по адресу /v2/, но который был бы запутан, если бы в репозитории-" "версия была установлена версия >= 2)." -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " @@ -23173,12 +23597,12 @@ msgstr "" "будущие спецификации, которые будут развивать простой API, будут увеличивать " "номер минорной версии." -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "Клиенты" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " @@ -23188,7 +23612,7 @@ msgstr "" "на версию хранилища, и если эти данные отсутствуют, **ОБЯЗАНЫ** считать, что " "это версия 1.0." -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." @@ -23197,7 +23621,7 @@ msgstr "" "**ДОЛЖНЫ** жестко отказывать с соответствующим сообщением об ошибке для " "пользователя." -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." @@ -23205,7 +23629,7 @@ msgstr "" "При столкновении с минорной версией, превышающей ожидаемую, клиенты " "**ДОЛЖНЫ** предупреждать пользователей соответствующим сообщением." -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." @@ -23213,11 +23637,11 @@ msgstr "" "Клиенты **МОГУТ** продолжать использовать обнаружение функций, чтобы " "определить, какие функции использует хранилище." -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "Предоставление метаданных распространения в API простого репозитория" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -23231,7 +23655,7 @@ msgstr "" "представленный тегом якоря, **МОЖЕТ** содержать файл метаданных Core, " "который не будет изменен при обработке и/или установке дистрибутива." -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -23251,7 +23675,7 @@ msgstr "" "ref:`в базовой спецификации HTML API <простой репозиторий-апи-база>` " "указывается местоположение файла подписи GPG." -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -23267,11 +23691,11 @@ msgstr "" "**МОЖЕТ** использовать ``true`` в качестве значения атрибута, если хэш " "недоступен." -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "Обратная совместимость" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " @@ -23281,7 +23705,7 @@ msgstr "" "метаданные``, ожидается, что инструменты вернутся к своему текущему " "поведению загрузки дистрибутива для проверки метаданных." -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -23294,11 +23718,11 @@ msgstr "" "метаданных. Это похоже на то, как предыдущие добавления атрибута ``данные-`` " "предполагают работу существующих инструментов." -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "Простой API на основе JSON для индексов пакетов Python" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -23311,7 +23735,7 @@ msgstr "" "api-базовая>`) должны быть сериализованы с помощью `JSON `_." -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -23327,7 +23751,7 @@ msgstr "" "согласование содержимого, чтобы позволить клиенту и серверу выбрать " "правильный формат сериализации для обслуживания, т.е. либо HTML, либо JSON." -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -23343,7 +23767,7 @@ msgstr "" "для существующих возможностей, эта спецификация не изменяет существующую " "версию ``1.0``, а вместо этого просто описывает, как сериализовать ее в JSON." -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -23355,7 +23779,7 @@ msgstr "" "изменения в новом формате приведут к тому, что существующие клиенты больше " "не смогут понять этот формат." -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " @@ -23365,7 +23789,7 @@ msgstr "" "добавляются или удаляются функции, но ожидается, что существующие клиенты " "будут продолжать понимать формат." -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " @@ -23375,7 +23799,7 @@ msgstr "" "понять формат, и которые не представляют собой добавления или удаления " "функций, могут происходить без изменения номера версии." -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " @@ -23386,7 +23810,7 @@ msgstr "" "вносящих какие-либо изменения в API, чтобы исследовать и решить, должно ли " "это изменение увеличивать мажорную или минорную версию." -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -23400,7 +23824,7 @@ msgstr "" "быть синхронизированы, но специфика того, как функция сериализуется в каждом " "формате, может отличаться, включая то, присутствует ли эта функция вообще." -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " @@ -23410,11 +23834,11 @@ msgstr "" "URL, которые возвращают данные, интерпретация которых определяется версией " "этих данных, а затем сериализуются в целевой формат сериализации." -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "Сериализация JSON" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " @@ -23424,7 +23848,7 @@ msgstr "" "апи-база>` по-прежнему применима, так как эта спецификация лишь добавляет " "дополнительный формат сериализации для уже существующего API." -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" @@ -23432,7 +23856,7 @@ msgstr "" "Следующие ограничения применяются ко всем сериализованным ответам JSON, " "описанным в данной спецификации:" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." @@ -23440,7 +23864,7 @@ msgstr "" "Все ответы JSON *всегда* будут представлять собой объект JSON, а не массив " "или другой тип." -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 #, fuzzy #| msgid "" #| "While JSON doesn't natively support an URL type, any value that " @@ -23458,7 +23882,7 @@ msgstr "" "правильное местоположение. Если они относительные, то они относятся к " "текущему URL, как если бы это был HTML." -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." @@ -23466,7 +23890,7 @@ msgstr "" "Дополнительные ключи могут быть добавлены к любым объектам словаря в ответах " "API, и клиенты **МОГУТ** игнорировать ключи, которые они не понимают." -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." @@ -23474,7 +23898,7 @@ msgstr "" "Все JSON-ответы имеют ключ ``meta``, который содержит информацию, " "относящуюся к самому ответу, а не к его содержимому." -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." @@ -23496,11 +23920,11 @@ msgstr "" "Все требования : ссылка:`базовой спецификации HTML API <простой репозиторий-" "апи-база>`, не относящиеся к HTML, остаются в силе." -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "Список проектов" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" @@ -23508,7 +23932,7 @@ msgstr "" "Корневой URL ``/`` для этой спецификации (который представляет собой базовый " "URL) будет представлять собой словарь в кодировке JSON, имеющий два ключа:" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." @@ -23517,8 +23941,8 @@ msgstr "" "одним ключом, ``название``, который представляет собой строку с названием " "проекта." -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." @@ -23526,12 +23950,12 @@ msgstr "" "``meta``: Общие метаданные ответа, как `описано ранее `__." -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "В качестве примера:" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -23547,7 +23971,7 @@ msgstr "" "на то, что это ненормализованное или нормализованное имя, - это полагаться " "на детали реализации данного репозитория." -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " @@ -23671,7 +24095,7 @@ msgstr "" "HTML API ``, ключ ``запросы-python`` не требует " "никакого специального экранирования, кроме того, что JSON делает естественно." -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -23688,7 +24112,7 @@ msgstr "" "метаданных, либо словарем, отображающим имена хэшей на шестнадцатеричный " "дайджест хэша метаданных." -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " @@ -23697,7 +24121,7 @@ msgstr "" "Если это словарь хэшей, а не булевых значений, то все те же требования и " "рекомендации, что и для ключа ``хэши``, справедливы и для этого ключа." -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " @@ -23707,7 +24131,7 @@ msgstr "" "не существовать. Если значение ключа истинно, то файл метаданных " "присутствует, а если ложно, то нет." -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." @@ -23715,7 +24139,7 @@ msgstr "" "Рекомендуется, чтобы серверы по возможности предоставляли хэши файлов " "метаданных." -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -23730,7 +24154,7 @@ msgstr "" "Если этот ключ не существует, то подпись может существовать, а может и не " "существовать." -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -23748,7 +24172,15 @@ msgstr "" "``url``, был \"Yanked\" согласно : ссылка:спецификации API yank <простой " "репозиторий-апи-yank>`." -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -23836,11 +24268,11 @@ msgstr "" "далее определяет ``текст/html`` как псевдоним для типа содержимого " "``приложение/vnd.pypi. простой.v1+html``." -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "Выбор версии + формата" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -23854,7 +24286,7 @@ msgstr "" "новая основная версия API могла быть добавлена без нарушения работы " "существующих клиентов, ожидающих предыдущую версию API." -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" @@ -23872,7 +24304,7 @@ msgstr "" "Хотя эта спецификация не может полностью описать всю процедуру согласования " "содержимого на сервере, ее суть примерно такова:" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." @@ -23880,7 +24312,7 @@ msgstr "" "Клиент отправляет HTTP-запрос, содержащий заголовок ``Принять``, в котором " "перечислены все типы содержимого версии+формата, которые он способен понять." -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " @@ -23890,7 +24322,7 @@ msgstr "" "содержимого, затем возвращает ответ, используя этот тип содержимого " "(рассматривая отсутствие заголовка ``принять`` как ``принять: */*``)." -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " @@ -23899,7 +24331,7 @@ msgstr "" "Если сервер не поддерживает ни один из типов содержимого в заголовке " "``принять``, он может выбрать один из 3 вариантов ответа:" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." @@ -23907,7 +24339,7 @@ msgstr "" "Выберите тип содержимого по умолчанию, отличный от того, что запросил " "клиент, и верните ответ с этим типом." -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " @@ -23917,7 +24349,7 @@ msgstr "" "запрошенных типов содержимого не был доступен, и сервер не смог или не " "захотел выбрать тип содержимого по умолчанию для ответа." -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." @@ -23925,7 +24357,7 @@ msgstr "" "Возвращает ответ HTTP ``300 Множество вариантов``, содержащий список всех " "возможных ответов, которые могли быть выбраны." -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." @@ -23933,7 +24365,7 @@ msgstr "" "Клиент интерпретирует ответ, обрабатывая различные типы ответов, которые мог " "дать сервер." -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -23945,7 +24377,7 @@ msgstr "" "**ДОЛЖНЫ** быть готовы обрабатывать все возможные ответы тем способом, " "который наиболее удобен для них." -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -23963,7 +24395,7 @@ msgstr "" "случае, так что в лучшем случае этот ответ будет рассматриваться так же, как " "и ошибка ``406 не принято``." -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 #, fuzzy #| msgid "" #| "This spec **does** require that if the meta version ``latest`` is being " @@ -23986,7 +24418,7 @@ msgstr "" "``v1.x``, должен иметь ``Контент-Тип`` из ``приложение/vnd.pypi.простой." "v1+json``)." -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " @@ -23996,19 +24428,19 @@ msgstr "" "содержимого, которые клиент понимает и может обрабатывать. Он поддерживает " "три различных формата для каждого запрашиваемого типа содержимого:" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "``$тип/$подтип``" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "``$тип/*``" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "``*/*``" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " @@ -24018,7 +24450,7 @@ msgstr "" "$подтип``, поскольку это единственный способ действительно указать нужную " "версию и формат." -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -24034,7 +24466,7 @@ msgstr "" "синтаксис ``принять`` в заголовке ``значение качества `_." -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -24050,7 +24482,7 @@ msgstr "" "более низким качеством, и любая запись без присутствующего качества будет по " "умолчанию иметь качество ``1``." -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -24061,7 +24493,7 @@ msgstr "" "запрошенных ими типов содержимого, независимо от их приоритета, и даже может " "вернуть тип содержимого, который они **не* запрашивали." -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -24080,11 +24512,11 @@ msgstr "" "_internal/index/collector.py#L123-L150>`_, так что риск реальных поломок " "невелик." -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "Пример работы клиента может выглядеть следующим образом:" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " @@ -24094,11 +24526,11 @@ msgstr "" "удалит типы контента, которые ему не нужны, из заголовка ``принять``, и " "превратит их получение в ошибку." -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "Альтернативные механизмы переговоров" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -24113,11 +24545,11 @@ msgstr "" "предусмотрены альтернативные механизмы согласования, которые могут " "*факультативно* использоваться вместо него." -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "Параметр URL" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 #, fuzzy #| msgid "" #| "Servers that implement the Simple API may choose to support an URL " @@ -24131,7 +24563,7 @@ msgstr "" "Серверы, реализующие простой API, могут поддерживать параметр URL с именем " "``формат``, чтобы позволить клиентам запрашивать определенную версию URL." -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " @@ -24141,7 +24573,7 @@ msgstr "" "содержимого. Передача нескольких типов содержимого, подстановочных карт, " "качественных значений и т. д. **не поддерживается." -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -24154,7 +24586,7 @@ msgstr "" "документации или примечаниях можно было ссылаться на конкретную " "версию+формат." -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." @@ -24162,7 +24594,7 @@ msgstr "" "Серверы, не поддерживающие этот параметр, могут возвращать ошибку при его " "наличии или просто игнорировать его присутствие." -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -24179,11 +24611,11 @@ msgstr "" "Недоступен``, ``303 Несколько вариантов`` или выбор типа по умолчанию для " "возврата)." -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "Конфигурация конечной точки" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " @@ -24194,7 +24626,7 @@ msgstr "" "серверам выбирать, какой из доступных типов содержимого является их типом по " "умолчанию." -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -24206,7 +24638,7 @@ msgstr "" "свой клиент для выбора нужной им версии, то такая конфигурация " "поддерживается." -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -24223,7 +24655,7 @@ msgstr "" "``Принять``, сервер может проигнорировать его и вернуть тип содержимого, " "соответствующий данной конечной точке." -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -24235,11 +24667,11 @@ msgstr "" "репозитория, и при запросе к этому серверу выдавать заголовок ``Принять``, " "который *только* включает правильный тип содержимого." -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "Поддержка TUF - PEP 458" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -24257,7 +24689,7 @@ msgstr "" "клиент TUF не может справиться с тем, что цель может иметь несколько " "различных представлений, которые хэшируются по-разному." -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -24269,7 +24701,7 @@ msgstr "" "путь типа ``простой/ПРОЕКТ/`` неприемлем, потому что технически он указывает " "на каталог." -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -24283,7 +24715,7 @@ msgstr "" "который нужно получить. То же самое можно сказать и о других аспектах " "фактического HTTP-запроса, таких как заголовок ``принять``." -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -24295,7 +24727,7 @@ msgstr "" "данная спецификация откладывает принятие решения о том, как именно " "представлять это в метаданных :pep:`458`." -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -24311,7 +24743,7 @@ msgstr "" "формат v1 HTML будет ``простой/ПРОЕКТ/vnd.pypi. простой.v1.html``, а формат " "v1 JSON будет ``простой/ПРОЕКТ/vnd.pypi.простой.v1.json``." -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " @@ -24321,7 +24753,7 @@ msgstr "" "``приложения/vnd.pypi. простой.v1+html`` при взаимодействии через TUF, " "скорее всего, будет разумнее нормализовать к более явному имени." -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." @@ -24329,7 +24761,7 @@ msgstr "" "Аналогично, метаверсия ``последней`` не должна включаться в цели, должны " "поддерживаться только явно объявленные версии." -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -24341,7 +24773,7 @@ msgstr "" "реализации этой спецификации, но он **не** представляет собой никаких " "требований по соответствию этим решениям." -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -24355,11 +24787,11 @@ msgstr "" "использование API обеспечивало защитные ограждения, которые пытаются " "подтолкнуть клиента к наилучшему выбору." -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "Рекомендуется использовать серверы:" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " @@ -24370,7 +24802,7 @@ msgstr "" "крайней мере, пока они получают нетривиальный трафик, использующий ответы " "HTML." -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -24381,7 +24813,7 @@ msgstr "" "с которыми сервер умеет работать, сервер не должен возвращать ответ ``300 " "Множественный выбор``, а вместо этого возвращает ответ ``406 Неприемлемо``." -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." @@ -24390,7 +24822,7 @@ msgstr "" "предпочесть возвращать ответ ``200 OK`` в ожидаемом типе содержимого для " "данной конечной точки." -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -24405,11 +24837,11 @@ msgstr "" "использовать тип содержимого ``текст/html`` только в качестве последнего " "средства." -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "Рекомендуется, чтобы клиенты:" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." @@ -24417,7 +24849,7 @@ msgstr "" "Поддерживать все 3 типа контента, описанные в данной спецификации, используя " "согласование контента с сервером, до тех пор, пока это возможно." -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." @@ -24425,7 +24857,7 @@ msgstr "" "При составлении заголовка ``Принять`` включите в него все типы содержимого, " "которые вы поддерживаете." -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -24439,7 +24871,7 @@ msgstr "" "стандартной библиотеки и беспокоитесь о том, что некоторые типы HTML-ответов " "могут быть не в состоянии разобрать в некоторых крайних случаях)." -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " @@ -24450,7 +24882,7 @@ msgstr "" "html``, если только это не единственный тип содержимого, который вы " "запрашиваете." -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." @@ -24458,7 +24890,7 @@ msgstr "" "Явно выбирайте версии, которые они ищут, вместо того чтобы использовать " "``последнюю`` мета-версию во время обычной работы." -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." @@ -24466,11 +24898,11 @@ msgstr "" "Проверьте ``Контент-Тип`` в ответе и убедитесь, что он соответствует тому, " "что вы ожидали." -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "Дополнительные поля для простого API для индексов пакетов" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " @@ -24480,15 +24912,15 @@ msgstr "" "версии API нет никаких изменений по сравнению с версией 1.0. Для JSON-версии " "API сделаны следующие изменения:" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "В ``api-версия`` должна быть указана версия 1.1 или более поздняя." -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "На верхнем уровне добавляется новый ключ ``версии``." -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." @@ -24496,7 +24928,7 @@ msgstr "" "В данные ``файлы`` добавлены два новых ключа \"информации о файле\", " "``размер`` и ``время загрузки``." -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." @@ -24505,7 +24937,7 @@ msgstr "" "частные для использования индексным сервером. Ни один будущий стандарт не " "будет присваивать значение такому ключу." -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." @@ -24513,7 +24945,7 @@ msgstr "" "Ключи ``версии`` и ``размер`` являются обязательными. Ключ ``время " "загрузки`` является необязательным." -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -24529,7 +24961,7 @@ msgstr "" "для этого проекта. Значение логически является набором, и поэтому не может " "содержать дубликатов, а порядок значений не имеет значения." -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -24541,7 +24973,7 @@ msgstr "" "ассоциированных файлов (для представления версий без загруженных файлов, " "если сервер имеет такую концепцию)." -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -24556,15 +24988,15 @@ msgstr "" "что они могут быть упорядочены с использованием правил VSS. Тем не менее, " "серверы ДОЛЖНЫ использовать нормализованные версии VSS, где это возможно." -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "Дополнительная информация о файле" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "К ключу ``файлы`` добавляются два новых ключа." -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." @@ -24572,7 +25004,7 @@ msgstr "" "``размер``: Это поле является обязательным. Оно ДОЛЖНО содержать целое " "число, представляющее собой размер файла в байтах." -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -24592,11 +25024,11 @@ msgstr "" "содержать до 6 цифр точности. Если сервер не записывает информацию о времени " "загрузки файла, он МОЖЕТ опустить ключ ``время загрузки``." -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "Переименование dist- инфо-метаданных в простом API" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -24609,11 +25041,11 @@ msgstr "" "этом документе должны интерпретироваться так, как описано в :rfc:`RFC 2119 " "<2119>`." -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "Серверы" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -24625,7 +25057,7 @@ msgstr "" "**ОБЯЗАТЕЛЬНО** передаются с помощью атрибута ``данные-ядро-метаданные``, " "при этом поддерживаемые значения остаются прежними." -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -24638,7 +25070,7 @@ msgstr "" "**МОЖНО** передавать с помощью ключа ``ядро-метаданные``, при этом " "поддерживаемые значения остаются неизменными." -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " @@ -24649,7 +25081,7 @@ msgstr "" "метаданные``, и если оно это делает, то **ДОЛЖНО** соответствовать значению " "``данные-ядро-метаданные``." -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` и установите свой пакет из TestPyPI:" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "Обязательно укажите свое имя пользователя в названии пакета!" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" @@ -29380,7 +29821,7 @@ msgstr "" "pip должен установить пакет из TestPyPI, и результат должен выглядеть " "примерно так:" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -29396,7 +29837,7 @@ msgstr "" "неожиданное. Хотя наш пример не имеет зависимостей, рекомендуется избегать " "установки зависимостей при использовании TestPyPI." -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" @@ -29405,18 +29846,18 @@ msgstr "" "Убедитесь, что вы все еще находитесь в виртуальной среде, а затем запустите " "Python:" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "и импортировать пакет:" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" "**Поздравляем, вы упаковали и распространили проект на Python!** ✨ 🍰 ✨" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -29428,7 +29869,7 @@ msgstr "" "времени удаляет пакеты и аккаунты. Лучше всего использовать TestPyPI для " "тестирования и экспериментов, подобных этому руководству." -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " @@ -29437,7 +29878,7 @@ msgstr "" "Когда вы будете готовы загрузить реальный пакет в Python Package Index, вы " "можете сделать все то же самое, что и в этом уроке, но с важными отличиями:" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " @@ -29447,7 +29888,7 @@ msgstr "" "добавлять имя пользователя, как это было в учебнике, но нельзя использовать " "существующее имя." -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " @@ -29457,7 +29898,7 @@ msgstr "" "это два отдельных сервера и данные для входа с тестового сервера не " "передаются на основной сервер." -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -29469,7 +29910,7 @@ msgstr "" "Теперь, когда вы загружаете пакет в production, вам не нужно указывать ``--" "репозиторий``; пакет будет загружен на https://pypi.org/ по умолчанию." -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." @@ -29477,7 +29918,7 @@ msgstr "" "Установите свой пакет из настоящего PyPI с помощью ``python3 -m pip install " "[your-package]``." -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" @@ -29485,7 +29926,7 @@ msgstr "" "На этом этапе, если вы хотите прочитать больше об упаковке библиотек Python, " "вот некоторые вещи, которые вы можете сделать:" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " @@ -29505,7 +29946,7 @@ msgstr "" "index>` на этом сайте или в :doc:`discussions ` для " "объяснений и справочной информации по конкретным темам." -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" @@ -29515,11 +29956,11 @@ msgstr "" "командной строки для управления проектом и упаковки, такие как :ref:" "`hatch`, :ref:`flit`, :ref:`pdm` и :ref:`poetry`." -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "Примечания" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__ Python installations. Anaconda Python is a distribution " +#~ "from `Anaconda, Inc `__ " +#~ "specifically aimed at the scientific community, and in particular on " +#~ "Windows where the installation of binary extensions is often difficult." +#~ msgstr "" +#~ "conda - это инструмент управления пакетами для установки `Anaconda " +#~ "`__ Python. Anaconda Python - это " +#~ "дистрибутив от `Anaconda, Inc `__, ориентированный на научное сообщество, в частности, на " +#~ "Windows, где установка бинарных расширений часто бывает затруднена." + +#~ msgid "" +#~ "You will be prompted for a username and password. For the username, use " +#~ "``__token__``. For the password, use the token value, including the " +#~ "``pypi-`` prefix." +#~ msgstr "" +#~ "Вам будет предложено ввести имя пользователя и пароль. Для имени " +#~ "пользователя используйте ``__token__``. Для пароля используйте значение " +#~ "токена, включая префикс ``pypi-``." + #~ msgid "" #~ "A table of URLs where the key is the URL label and the value is the URL " #~ "itself." diff --git a/locales/sai/LC_MESSAGES/messages.po b/locales/sai/LC_MESSAGES/messages.po index 625ee245f..1a323da04 100644 --- a/locales/sai/LC_MESSAGES/messages.po +++ b/locales/sai/LC_MESSAGES/messages.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-10-30 00:39+0000\n" +"POT-Creation-Date: 2024-11-25 21:53+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" @@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)" msgstr "" #: ../source/discussions/deploying-python-applications.rst:118 -#: ../source/key_projects.rst:572 +#: ../source/key_projects.rst:576 msgid "pex" msgstr "" @@ -1882,7 +1882,7 @@ msgid "" msgstr "" #: ../source/discussions/versioning.rst:6 -#: ../source/specifications/simple-repository-api.rst:310 +#: ../source/specifications/simple-repository-api.rst:319 msgid "Versioning" msgstr "" @@ -2633,29 +2633,16 @@ msgid "" msgstr "" #: ../source/glossary.rst:121 -msgid "Known Good Set (KGS)" -msgstr "" - -#: ../source/glossary.rst:124 -msgid "" -"A set of distributions at specified versions which are compatible with each " -"other. Typically a test suite will be run which passes all tests before a " -"specific set of packages is declared a known good set. This term is commonly " -"used by frameworks and toolkits which are comprised of multiple individual " -"distributions." -msgstr "" - -#: ../source/glossary.rst:130 msgid "Import Package" msgstr "" -#: ../source/glossary.rst:133 +#: ../source/glossary.rst:124 msgid "" "A Python module which can contain other modules or recursively, other " "packages." msgstr "" -#: ../source/glossary.rst:136 +#: ../source/glossary.rst:127 msgid "" "An import package is more commonly referred to with the single word " "\"package\", but this guide will use the expanded term when more clarity is " @@ -2664,17 +2651,30 @@ msgid "" "package` for a breakdown of the differences." msgstr "" -#: ../source/glossary.rst:142 +#: ../source/glossary.rst:133 msgid "Installed Project" msgstr "" -#: ../source/glossary.rst:145 +#: ../source/glossary.rst:136 msgid "" "A :term:`Project` that is installed for use with a Python interpreter or :" "term:`Virtual Environment`, as described in the specicifcation :ref:" "`recording-installed-packages`." msgstr "" +#: ../source/glossary.rst:140 +msgid "Known Good Set (KGS)" +msgstr "" + +#: ../source/glossary.rst:143 +msgid "" +"A set of distributions at specified versions which are compatible with each " +"other. Typically a test suite will be run which passes all tests before a " +"specific set of packages is declared a known good set. This term is commonly " +"used by frameworks and toolkits which are comprised of multiple individual " +"distributions." +msgstr "" + #: ../source/glossary.rst:149 msgid "Module" msgstr "" @@ -5085,7 +5085,7 @@ msgid "" "In particular, `NumPy `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Sinhala `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5098,9 +5098,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5213,7 +5213,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5245,28 +5245,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8334,29 +8347,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8367,31 +8402,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9566,44 +9601,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9613,17 +9662,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9631,17 +9680,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9653,38 +9702,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9695,34 +9744,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9730,58 +9779,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9793,18 +9842,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9815,32 +9864,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9848,17 +9897,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9868,49 +9917,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9918,33 +9967,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9955,17 +10004,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9975,33 +10024,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10012,18 +10061,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10051,17 +10100,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10069,7 +10118,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10088,24 +10137,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10113,21 +10162,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10135,34 +10184,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12210,7 +12259,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13280,6 +13329,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13417,7 +13467,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15040,6 +15090,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15210,7 +15556,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17098,11 +17444,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17112,11 +17473,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17126,7 +17487,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17134,7 +17495,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17142,11 +17503,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17156,7 +17517,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17166,14 +17527,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17183,7 +17544,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17191,7 +17552,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17200,38 +17561,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17242,29 +17603,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17273,7 +17634,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17283,48 +17644,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17333,7 +17694,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17345,7 +17706,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17355,18 +17716,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17374,11 +17735,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17386,7 +17747,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17396,7 +17757,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17406,7 +17767,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17414,28 +17775,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17444,37 +17805,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17482,19 +17843,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17547,7 +17908,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17646,27 +18007,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17675,7 +18036,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17686,7 +18047,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17749,11 +18118,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17762,65 +18131,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17828,7 +18197,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17839,7 +18208,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17848,33 +18217,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17884,7 +18253,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17894,7 +18263,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17902,7 +18271,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17913,22 +18282,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17937,25 +18306,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17963,13 +18332,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17979,18 +18348,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17998,7 +18367,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18008,7 +18377,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18016,11 +18385,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18031,7 +18400,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18039,7 +18408,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18048,7 +18417,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18056,7 +18425,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18066,20 +18435,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18087,7 +18456,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18096,18 +18465,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18115,13 +18484,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18130,23 +18499,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18155,63 +18524,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18221,7 +18590,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18229,7 +18598,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18238,21 +18607,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18264,11 +18633,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18276,11 +18645,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18288,7 +18657,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18297,14 +18666,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21762,23 +22137,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21786,28 +22161,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21815,44 +22190,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Slovak `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5230,9 +5230,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5345,7 +5345,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5377,28 +5377,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8490,29 +8503,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8523,31 +8558,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9722,44 +9757,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9769,17 +9818,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9787,17 +9836,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9809,38 +9858,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9851,34 +9900,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9886,58 +9935,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9949,18 +9998,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9971,32 +10020,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -10004,17 +10053,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -10024,49 +10073,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10074,33 +10123,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10111,17 +10160,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10131,33 +10180,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10168,18 +10217,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10207,17 +10256,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10225,7 +10274,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10244,24 +10293,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10269,21 +10318,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10291,34 +10340,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12366,7 +12415,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13436,6 +13485,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13573,7 +13623,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15200,6 +15250,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15372,7 +15718,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17260,11 +17606,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17274,11 +17635,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17288,7 +17649,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17296,7 +17657,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17304,13 +17665,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Translations" msgid "Installers" msgstr "Preklady" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17320,7 +17681,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17330,14 +17691,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17347,7 +17708,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17355,7 +17716,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17364,38 +17725,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17406,29 +17767,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17437,7 +17798,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17447,48 +17808,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17497,7 +17858,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17509,7 +17870,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17519,18 +17880,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17538,11 +17899,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17550,7 +17911,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17560,7 +17921,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17570,7 +17931,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17578,28 +17939,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17608,37 +17969,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17646,19 +18007,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy #| msgid "Project" msgid "Project List" msgstr "Projekt" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17713,7 +18074,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17814,27 +18175,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17843,7 +18204,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17854,7 +18215,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17917,11 +18286,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17930,65 +18299,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17996,7 +18365,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -18007,7 +18376,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -18016,33 +18385,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -18052,7 +18421,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18062,7 +18431,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18070,7 +18439,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18081,22 +18450,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18105,25 +18474,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18131,13 +18500,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18147,18 +18516,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18166,7 +18535,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18176,7 +18545,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18184,11 +18553,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18199,7 +18568,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18207,7 +18576,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18216,7 +18585,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18224,7 +18593,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18234,20 +18603,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18255,7 +18624,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18264,18 +18633,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18283,13 +18652,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18298,23 +18667,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18323,63 +18692,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18389,7 +18758,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18397,7 +18766,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18406,21 +18775,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18432,11 +18801,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18444,11 +18813,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18456,7 +18825,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18465,14 +18834,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21934,23 +22309,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21958,28 +22333,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21987,44 +22362,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5094,9 +5094,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5209,7 +5209,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5241,28 +5241,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8330,29 +8343,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8363,31 +8398,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9562,44 +9597,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9609,17 +9658,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9627,17 +9676,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9649,38 +9698,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9691,34 +9740,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9726,58 +9775,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9789,18 +9838,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9811,32 +9860,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9844,17 +9893,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9864,49 +9913,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9914,33 +9963,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9951,17 +10000,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9971,33 +10020,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10008,18 +10057,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10047,17 +10096,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10065,7 +10114,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10084,24 +10133,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10109,21 +10158,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10131,34 +10180,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12206,7 +12255,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13276,6 +13325,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13413,7 +13463,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15036,6 +15086,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15206,7 +15552,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17094,11 +17440,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17108,11 +17469,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17122,7 +17483,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17130,7 +17491,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17138,11 +17499,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17152,7 +17513,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17162,14 +17523,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17179,7 +17540,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17187,7 +17548,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17196,38 +17557,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17238,29 +17599,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17269,7 +17630,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17279,48 +17640,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17329,7 +17690,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17341,7 +17702,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17351,18 +17712,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17370,11 +17731,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17382,7 +17743,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17392,7 +17753,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17402,7 +17763,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17410,28 +17771,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17440,37 +17801,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17478,19 +17839,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17543,7 +17904,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17642,27 +18003,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17671,7 +18032,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17682,7 +18043,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17745,11 +18114,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17758,65 +18127,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17824,7 +18193,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17835,7 +18204,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17844,33 +18213,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17880,7 +18249,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17890,7 +18259,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17898,7 +18267,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17909,22 +18278,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17933,25 +18302,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17959,13 +18328,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17975,18 +18344,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17994,7 +18363,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18004,7 +18373,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18012,11 +18381,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18027,7 +18396,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18035,7 +18404,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18044,7 +18413,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18052,7 +18421,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18062,20 +18431,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18083,7 +18452,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18092,18 +18461,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18111,13 +18480,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18126,23 +18495,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18151,63 +18520,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18217,7 +18586,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18225,7 +18594,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18234,21 +18603,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18260,11 +18629,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18272,11 +18641,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18284,7 +18653,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18293,14 +18662,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21758,23 +22133,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21782,28 +22157,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21811,44 +22186,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Turkish `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5097,9 +5097,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5212,7 +5212,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5244,28 +5244,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8333,29 +8346,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8366,31 +8401,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9565,44 +9600,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9612,17 +9661,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9630,17 +9679,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9652,38 +9701,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9694,34 +9743,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9729,58 +9778,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9792,18 +9841,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9814,32 +9863,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9847,17 +9896,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9867,49 +9916,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9917,33 +9966,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9954,17 +10003,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9974,33 +10023,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10011,18 +10060,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10050,17 +10099,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10068,7 +10117,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10087,24 +10136,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10112,21 +10161,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10134,34 +10183,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12209,7 +12258,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13279,6 +13328,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13416,7 +13466,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15039,6 +15089,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15209,7 +15555,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17097,11 +17443,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17111,11 +17472,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17125,7 +17486,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17133,7 +17494,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17141,11 +17502,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17155,7 +17516,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17165,14 +17526,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17182,7 +17543,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17190,7 +17551,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17199,38 +17560,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17241,29 +17602,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17272,7 +17633,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17282,48 +17643,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17332,7 +17693,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17344,7 +17705,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17354,18 +17715,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17373,11 +17734,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17385,7 +17746,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17395,7 +17756,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17405,7 +17766,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17413,28 +17774,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17443,37 +17804,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17481,19 +17842,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17546,7 +17907,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17645,27 +18006,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17674,7 +18035,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17685,7 +18046,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17748,11 +18117,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17761,65 +18130,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17827,7 +18196,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17838,7 +18207,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17847,33 +18216,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17883,7 +18252,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17893,7 +18262,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17901,7 +18270,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17912,22 +18281,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17936,25 +18305,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17962,13 +18331,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -17978,18 +18347,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -17997,7 +18366,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18007,7 +18376,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18015,11 +18384,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18030,7 +18399,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18038,7 +18407,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18047,7 +18416,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18055,7 +18424,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18065,20 +18434,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18086,7 +18455,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18095,18 +18464,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18114,13 +18483,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18129,23 +18498,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18154,63 +18523,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18220,7 +18589,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18228,7 +18597,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18237,21 +18606,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18263,11 +18632,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18275,11 +18644,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18287,7 +18656,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18296,14 +18665,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21761,23 +22136,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21785,28 +22160,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21814,44 +22189,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Ukrainian `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5531,9 +5531,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5646,7 +5646,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5678,28 +5678,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8815,29 +8828,51 @@ msgstr "Використання TestPyPI" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8848,41 +8883,41 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`Flit`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 #, fuzzy #| msgid "pip, :ref:`bandersnatch`" msgid ":ref:`Hatch`," msgstr "pip, :ref:`bandersnatch`" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`PDM`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`Pipenv`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 #, fuzzy #| msgid ":ref:`pip`" msgid ":ref:`Poetry`," msgstr ":ref:`pip`" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -10069,44 +10104,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "devpi" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -10116,17 +10165,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -10134,17 +10183,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "enscons" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -10156,38 +10205,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "Hashdist" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -10198,34 +10247,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -10233,60 +10282,60 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "multibuild" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 #, fuzzy #| msgid "`pip-tools `_" msgid "`GitHub `__" msgstr "`pip-tools `_" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -10298,18 +10347,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "pip-tools" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -10320,32 +10369,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "piwheels" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -10353,17 +10402,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "poetry" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -10373,49 +10422,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10423,35 +10472,35 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 #, fuzzy #| msgid "pypiserver" msgid "pypiprivate" msgstr "pypiserver" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "pypiserver" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10462,17 +10511,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10482,33 +10531,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "scikit-build" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10519,20 +10568,20 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 #, fuzzy #| msgid "scikit-build" msgid "scikit-build-core" msgstr "scikit-build" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10560,17 +10609,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10578,7 +10627,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10597,24 +10646,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "zest.releaser" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10622,21 +10671,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "ensurepip" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10644,36 +10693,36 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 #, fuzzy #| msgid "pypiserver" msgid "http.server" msgstr "pypiserver" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "venv" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12727,7 +12776,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13799,6 +13848,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "Специфікація" @@ -13937,7 +13987,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 #, fuzzy msgid "Versions" msgstr "Version" @@ -15593,6 +15643,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15766,7 +16112,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 #, fuzzy #| msgid "Packaging tool recommendations" msgid "Recommendations" @@ -17674,12 +18020,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "Переклади" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17689,11 +18050,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17703,7 +18064,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17711,7 +18072,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17719,13 +18080,13 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy #| msgid "Installer" msgid "Installers" msgstr "Встановлювач" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17735,7 +18096,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17745,14 +18106,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17762,7 +18123,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17770,7 +18131,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17779,38 +18140,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17821,29 +18182,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17852,7 +18213,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17862,50 +18223,50 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy #| msgid "Contents" msgid "Clients" msgstr "Зміст" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17914,7 +18275,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17926,7 +18287,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17936,18 +18297,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17955,11 +18316,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17967,7 +18328,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17977,7 +18338,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17987,7 +18348,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17995,28 +18356,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -18025,38 +18386,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "Переклади" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -18064,19 +18425,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy #| msgid "Project" msgid "Project List" msgstr "Проєкт" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 #, fuzzy #| msgid "For example:" msgid "As an example:" msgstr "Наприклад:" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -18133,7 +18494,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -18234,27 +18595,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -18263,7 +18624,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -18274,7 +18635,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -18339,13 +18708,13 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy #| msgid "Version" msgid "Version + Format Selection" msgstr "Version" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -18354,65 +18723,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -18420,7 +18789,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -18431,7 +18800,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -18440,33 +18809,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -18476,7 +18845,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18486,7 +18855,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18494,7 +18863,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18505,22 +18874,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18529,25 +18898,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18555,13 +18924,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18571,18 +18940,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18590,7 +18959,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18600,7 +18969,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18608,11 +18977,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18623,7 +18992,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18631,7 +19000,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18640,7 +19009,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18648,7 +19017,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18658,20 +19027,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18679,7 +19048,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18688,18 +19057,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18707,13 +19076,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18722,23 +19091,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18747,63 +19116,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18813,7 +19182,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18821,7 +19190,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18830,23 +19199,23 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 #, fuzzy #| msgid "Additional tools" msgid "Additional file information" msgstr "Додаткові інструменти" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18858,11 +19227,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18870,11 +19239,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18882,7 +19251,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18891,14 +19260,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -22406,23 +22781,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "**Вітаємо, ви запакували та розповсюдили Python-проєкт!** ✨ 🍰 ✨" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -22434,7 +22809,7 @@ msgstr "" "видаляє пакунки та облікові записи. Краще використовувати TestPyPI для " "тестування та експериментів, як у цьому туторіалі." -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " @@ -22444,7 +22819,7 @@ msgstr "" "пакунків, ви можете зробити те ж саме, що і в цьому туторіалі, але з цими " "важливими відмінностями:" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 #, fuzzy msgid "" "Choose a memorable and unique name for your package. You don't have to " @@ -22454,7 +22829,7 @@ msgstr "" "Оберіть пам'ятну й унікальну назву для свого пакунку. Вам не потрібно " "додавати своє ім'я користувача, як ви це робили в туторіалі." -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " @@ -22464,7 +22839,7 @@ msgstr "" "окремих сервери, а дані для входу для тестового сервера не підходять до " "основного." -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -22477,7 +22852,7 @@ msgstr "" "repository``; пакунок буде опубліковано на https://pypi.org/ за " "замовчуванням." -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." @@ -22485,7 +22860,7 @@ msgstr "" "Встановіть свій пакунок зі справжнього PyPI за допомогою ``python3 -m pip " "install [your-package]``." -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" @@ -22493,32 +22868,32 @@ msgstr "" "На цьому етапі, якщо ви бажаєте почитати більше про пакування Python-" "бібліотек, то ось що ви можете зробити:" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Vietnamese `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5122,9 +5122,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5237,7 +5237,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5269,28 +5269,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8358,29 +8371,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8391,31 +8426,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr "" -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr "" -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr "" -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr "" -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr "" -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9590,44 +9625,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9637,17 +9686,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9655,17 +9704,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9677,38 +9726,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9719,34 +9768,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9754,58 +9803,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9817,18 +9866,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9839,32 +9888,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9872,17 +9921,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9892,49 +9941,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -9942,33 +9991,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -9979,17 +10028,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -9999,33 +10048,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10036,18 +10085,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10075,17 +10124,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10093,7 +10142,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10112,24 +10161,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10137,21 +10186,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10159,34 +10208,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12234,7 +12283,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13304,6 +13353,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "" @@ -13441,7 +13491,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "" @@ -15064,6 +15114,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15234,7 +15580,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17122,11 +17468,26 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 msgid "Normalized Names" msgstr "" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17136,11 +17497,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17150,7 +17511,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17158,7 +17519,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17166,11 +17527,11 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 msgid "Installers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17180,7 +17541,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17190,14 +17551,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17207,7 +17568,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17215,7 +17576,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17224,38 +17585,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17266,29 +17627,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17297,7 +17658,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17307,48 +17668,48 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 msgid "Clients" msgstr "" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17357,7 +17718,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17369,7 +17730,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17379,18 +17740,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17398,11 +17759,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17410,7 +17771,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17420,7 +17781,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17430,7 +17791,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17438,28 +17799,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17468,37 +17829,37 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 msgid "JSON Serialization" msgstr "" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17506,19 +17867,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 msgid "Project List" msgstr "" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17571,7 +17932,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17670,27 +18031,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17699,7 +18060,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17710,7 +18071,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17773,11 +18142,11 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 msgid "Version + Format Selection" msgstr "" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17786,65 +18155,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17852,7 +18221,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17863,7 +18232,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17872,33 +18241,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -17908,7 +18277,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -17918,7 +18287,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -17926,7 +18295,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -17937,22 +18306,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -17961,25 +18330,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -17987,13 +18356,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18003,18 +18372,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18022,7 +18391,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18032,7 +18401,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18040,11 +18409,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18055,7 +18424,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18063,7 +18432,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18072,7 +18441,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18080,7 +18449,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18090,20 +18459,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18111,7 +18480,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18120,18 +18489,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18139,13 +18508,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18154,23 +18523,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18179,63 +18548,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18245,7 +18614,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18253,7 +18622,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18262,21 +18631,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18288,11 +18657,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18300,11 +18669,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18312,7 +18681,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18321,14 +18690,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21786,23 +22161,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21810,28 +22185,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21839,44 +22214,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Chinese (Simplified Han script) `_ 的系统包管理器提供的内容," -"这与 Python 中的含义不同。" +"“package”,指的是由 ` Linux 发行版 `_ 的系统包管理器提供的内容,这" +"与 Python 中的含义不同。" #: ../source/discussions/distribution-package-vs-import-package.rst:31 msgid "What's an import package?" @@ -807,12 +807,11 @@ msgid "" "is a directory on the file system, containing modules as ``.py`` files and " "subpackages as subdirectories." msgstr "" -"导入包(import package)是一个 Python 模块。因此,当你在 Python 代码中编写 ``" -"import pkg`` 或 ``from pkg import func`` 时, ``pkg`` " -"就是导入包的名称。更准确地说,导入包是可以包含子模块的特殊 Python " -"模块。例如, ``numpy`` 包包含像 ``numpy.linalg`` 和 ``numpy.fft`` " -"这样的模块。通常,导入包是文件系统中的一个目录,其中包含作为 ``.py`` " -"文件的模块和作为子目录的子包。" +"导入包(import package)是一个 Python 模块。因此,当你在 Python 代码中编写 " +"``import pkg`` 或 ``from pkg import func`` 时, ``pkg`` 就是导入包的名称。更" +"准确地说,导入包是可以包含子模块的特殊 Python 模块。例如, ``numpy`` 包包含" +"像 ``numpy.linalg`` 和 ``numpy.fft`` 这样的模块。通常,导入包是文件系统中的一" +"个目录,其中包含作为 ``.py`` 文件的模块和作为子目录的子包。" #: ../source/discussions/distribution-package-vs-import-package.rst:42 msgid "" @@ -841,10 +840,9 @@ msgid "" "blindly install the PyPI package ``foo`` if you see ``import foo``; this may " "install an unintended, and potentially even malicious package.)" msgstr "" -"然而,这只是一种约定。PyPI 和其他包索引 **并不强制要求** " -"分发包的名称与其提供的导入包之间存在任何关系。(其结果是,当你看到 ``import " -"foo`` 时,不能盲目地安装 PyPI 包 ``foo`` " -";这样可能会安装一个非预期的,甚至是恶意的包。)" +"然而,这只是一种约定。PyPI 和其他包索引 **并不强制要求** 分发包的名称与其提供" +"的导入包之间存在任何关系。(其结果是,当你看到 ``import foo`` 时,不能盲目地" +"安装 PyPI 包 ``foo`` ;这样可能会安装一个非预期的,甚至是恶意的包。)" #: ../source/discussions/distribution-package-vs-import-package.rst:59 msgid "" @@ -858,10 +856,10 @@ msgid "" "names between the distribution package and the import package." msgstr "" "一个分发包可以提供一个名称不同的导入包。一个例子是广受欢迎的图像处理库 " -"Pillow_ 。它的分发包名称是 ``Pillow``,但它提供的导入包名称是 " -"``PIL``。这是出于历史原因:Pillow 最初是 PIL 库的一个分支,因此它保留了 " -"``PIL`` 作为导入名称,以便现有的 PIL 用户可以轻松切换到 Pillow " -"。更普遍来说,现有库的分支是导致分发包和导入包名称不同的常见原因。" +"Pillow_ 。它的分发包名称是 ``Pillow``,但它提供的导入包名称是 ``PIL``。这是出" +"于历史原因:Pillow 最初是 PIL 库的一个分支,因此它保留了 ``PIL`` 作为导入名" +"称,以便现有的 PIL 用户可以轻松切换到 Pillow 。更普遍来说,现有库的分支是导致" +"分发包和导入包名称不同的常见原因。" #: ../source/discussions/distribution-package-vs-import-package.rst:69 msgid "" @@ -882,8 +880,8 @@ msgid "" "``attr`` import package with an older but supported API." msgstr "" "相反,一个分发包也可以提供多个导入包,尽管这种情况较为少见。一个例子是 " -"attrs_ 分发包,它提供了一个带有较新 API 的 ``attrs`` 导入包," -"以及一个较旧但仍受支持的 ``attr`` 导入包。" +"attrs_ 分发包,它提供了一个带有较新 API 的 ``attrs`` 导入包,以及一个较旧但仍" +"受支持的 ``attr`` 导入包。" #: ../source/discussions/distribution-package-vs-import-package.rst:81 msgid "How do distribution package names and import package names compare?" @@ -896,9 +894,9 @@ msgid "" "[#non-identifier-mod-name]_. In particular, they use underscores ``_`` as " "word separator and they are case-sensitive." msgstr "" -"导入包的名称应为有效的 Python 标识符(具体规则可以在 Python " -"文档中找到::ref:``)[#non-identifier-mod-name]_ " -"。特别地,它们使用下划线 ``_`` 作为单词分隔符,并且区分大小写。" +"导入包的名称应为有效的 Python 标识符(具体规则可以在 Python 文档中找到::ref:" +"``)[#non-identifier-mod-name]_ 。特别地,它们使用下划" +"线 ``_`` 作为单词分隔符,并且区分大小写。" #: ../source/discussions/distribution-package-vs-import-package.rst:88 msgid "" @@ -910,11 +908,11 @@ msgid "" "``pip install awesome-package`` (the precise rules are given in the :ref:" "`name normalization specification `)." msgstr "" -"另一方面,分发包可以使用连字符 ``-`` 或下划线 ``_`` 。它们还可以包含点号 " -"``.`` ,这有时用于打包 :ref:`命名空间包` " -"的子包。对于大多数用途,它们对大小写和 ``-`` 与 ``_`` 的区别不敏感,例如, ``" -"pip install Awesome_Package`` 和 ``pip install awesome-package`` 是相同的(" -"具体规则可以在 ```` 名称规范中找到)。" +"另一方面,分发包可以使用连字符 ``-`` 或下划线 ``_`` 。它们还可以包含点号 ``." +"`` ,这有时用于打包 :ref:`命名空间包` 的子包。" +"对于大多数用途,它们对大小写和 ``-`` 与 ``_`` 的区别不敏感,例如, ``pip " +"install Awesome_Package`` 和 ``pip install awesome-package`` 是相同的(具体规" +"则可以在 ```` 名称规范中找到)。" #: ../source/discussions/distribution-package-vs-import-package.rst:101 msgid "" @@ -922,8 +920,8 @@ msgid "" "have a valid Python identifier as their name, using :doc:`importlib `, this is vanishingly rare and strongly discouraged." msgstr "" -"尽管从技术上讲,通过使用 :doc:`importlib ` " -"可以导入名称不是有效 Python 标识符的包/模块,但这种情况极为罕见且强烈不推荐。" +"尽管从技术上讲,通过使用 :doc:`importlib ` 可以导入" +"名称不是有效 Python 标识符的包/模块,但这种情况极为罕见且强烈不推荐。" #: ../source/discussions/index.rst:4 msgid "" @@ -1090,9 +1088,9 @@ msgstr "" "在像 PyPI_ 这样的包索引中,你会找到两种格式的文件:**源代码分发包**(简称 " "**sdists**)和 **二进制分发包**,通常称为 **wheels**。例如,`PyPI 上的 pip " "23.3.1 页面 `_ 允许你下载两个文件,``pip-23.3.1.tar.gz`` 和 " -"``pip-23.3.1-py3-none-any.whl``。前者是一个 sdist,后者是一个 " -"wheel。如下面所解释的,这两者有不同的用途。当在 PyPI(或其他地方)发布包时," -"你应该始终上传一个 sdist 和一个或多个 wheel 文件。" +"``pip-23.3.1-py3-none-any.whl``。前者是一个 sdist,后者是一个 wheel。如下面所" +"解释的,这两者有不同的用途。当在 PyPI(或其他地方)发布包时,你应该始终上传一" +"个 sdist 和一个或多个 wheel 文件。" #: ../source/discussions/package-formats.rst:21 msgid "What is a source distribution?" @@ -1108,9 +1106,9 @@ msgid "" "INFO`` file follows the format specified in :ref:`core-metadata` and is not " "intended to be written by hand [#core-metadata-format]_." msgstr "" -"从概念上讲,源代码分发包是原始形式的源代码归档。具体来说,sdist 是一个 ``.tar" -".gz`` 压缩包,包含源代码以及一个额外的特殊文件 ``PKG-INFO`` ,该文件存储项目" -"的元数据。这个文件的存在帮助打包工具提高效率,因为它不需要自己计算元数据。 " +"从概念上讲,源代码分发包是原始形式的源代码归档。具体来说,sdist 是一个 ``." +"tar.gz`` 压缩包,包含源代码以及一个额外的特殊文件 ``PKG-INFO`` ,该文件存储项" +"目的元数据。这个文件的存在帮助打包工具提高效率,因为它不需要自己计算元数据。 " "``PKG-INFO`` 文件遵循 :ref:`core-metadata` 中规定的格式,并不打算手动编写 " "[#core-metadata-format]_ 。" @@ -1122,8 +1120,8 @@ msgid "" "tarfile module ` on any platform." msgstr "" "因此,你可以通过使用标准的工具解压缩 sdist 来检查其内容,这些工具用于处理 " -"tar 归档文件,例如在 UNIX 平台(如 Linux 和 macOS)上使用 ``tar -xvf`` ," -"或者在任何平台上使用 :ref:`Python tarfile 模块的命令行界面 ` 。" #: ../source/discussions/package-formats.rst:36 @@ -1136,12 +1134,11 @@ msgid "" "Homebrew and MacPorts on macOS, ...), who, for various reasons, may prefer " "them over, e.g., pulling from a Git repository." msgstr "" -"Sdists 在打包生态系统中有多个用途。当标准的 Python 包安装工具 :ref:`pip` " -"无法找到要安装的 wheel 时,它会回退到下载源代码分发包,从中编译一个 wheel " -"并安装这个 wheel。此外,sdists 经常作为下游打包者(如 Linux 发行版、Conda、" -"macOS 上的 Homebrew 和 MacPorts " -"等)的包源,因为各种原因,他们可能会更倾向于使用源代码分发包,而不是例如从 " -"Git 仓库中拉取代码。" +"Sdists 在打包生态系统中有多个用途。当标准的 Python 包安装工具 :ref:`pip` 无法" +"找到要安装的 wheel 时,它会回退到下载源代码分发包,从中编译一个 wheel 并安装" +"这个 wheel。此外,sdists 经常作为下游打包者(如 Linux 发行版、Conda、macOS 上" +"的 Homebrew 和 MacPorts 等)的包源,因为各种原因,他们可能会更倾向于使用源代" +"码分发包,而不是例如从 Git 仓库中拉取代码。" #: ../source/discussions/package-formats.rst:44 msgid "" @@ -1179,10 +1176,9 @@ msgid "" "Windows)." msgstr "" "对于包含 :term:`扩展模块 ` 的包(这些模块用 C、C++ 和 Rust " -"等编译语言编写,需要编译成平台相关的机器代码),sdists 和 wheels " -"之间存在很大区别。对于这些包,wheels 不包含源代码(如 C " -"源文件),而是包含已编译的可执行代码(例如 Linux 上的 ``.so`` 文件或 Windows " -"上的 DLL 文件)。" +"等编译语言编写,需要编译成平台相关的机器代码),sdists 和 wheels 之间存在很大" +"区别。对于这些包,wheels 不包含源代码(如 C 源文件),而是包含已编译的可执行" +"代码(例如 Linux 上的 ``.so`` 文件或 Windows 上的 DLL 文件)。" #: ../source/discussions/package-formats.rst:66 msgid "" @@ -1195,8 +1191,8 @@ msgid "" msgstr "" "此外,虽然每个版本的项目只有一个 sdist,但可能有多个 wheels。同样,这在扩展模" "块的上下文中最为相关。扩展模块的编译代码与操作系统和处理器架构相关,通常还与 " -"Python 解释器的版本相关(除非使用 :ref:`Python 稳定 ABI `" -" )。" +"Python 解释器的版本相关(除非使用 :ref:`Python 稳定 ABI ` )。" #: ../source/discussions/package-formats.rst:72 msgid "" @@ -1217,10 +1213,10 @@ msgid "" "Python version instead of one single wheel. Instead, installers like :ref:" "`pip` generate them while installing the package." msgstr "" -"如果你对 ``.pyc`` 字节码文件有所疑问:它们不包含在 wheels " -"中,因为生成它们的成本很低,而且包含它们会不必要地迫使大量包为每个 Python " -"版本分发一个 wheel,而不是一个单一的 wheel。相反,像 :ref:`pip` " -"这样的安装工具会在安装包时生成这些文件。" +"如果你对 ``.pyc`` 字节码文件有所疑问:它们不包含在 wheels 中,因为生成它们的" +"成本很低,而且包含它们会不必要地迫使大量包为每个 Python 版本分发一个 wheel," +"而不是一个单一的 wheel。相反,像 :ref:`pip` 这样的安装工具会在安装包时生成这" +"些文件。" #: ../source/discussions/package-formats.rst:83 msgid "" @@ -1234,10 +1230,10 @@ msgid "" "integrity." msgstr "" "尽管如此,即使对于纯 Python 项目,sdists 和 wheels 之间仍然存在重要的区别。" -"Wheels 的目的是包含要安装的内容,并且不包含其他内容。特别是,wheels " -"不应包含测试和文档,而 sdists 通常会包含这些。此外,wheel 格式比 sdist " -"更复杂。例如,它包含一个特殊文件—— ``RECORD`` ,该文件列出了 wheel " -"中的所有文件及其内容的哈希值,用作下载完整性的安全检查。" +"Wheels 的目的是包含要安装的内容,并且不包含其他内容。特别是,wheels 不应包含" +"测试和文档,而 sdists 通常会包含这些。此外,wheel 格式比 sdist 更复杂。例如," +"它包含一个特殊文件—— ``RECORD`` ,该文件列出了 wheel 中的所有文件及其内容的哈" +"希值,用作下载完整性的安全检查。" #: ../source/discussions/package-formats.rst:91 msgid "" @@ -1252,13 +1248,13 @@ msgid "" "for your users, since a wheel is directly installable. By only including " "files that must be installed, wheels also make for smaller downloads." msgstr "" -"乍一看,你可能会想,\"纯粹的基础\" Python 项目是否真的需要 wheels。请记住," -"由于 sdists 的灵活性,像 pip 这样的安装工具不能直接从 sdists 安装——" -"它们需要首先通过调用 sdist 指定的 :term:`build backend` 来构建一个 wheel(" -"构建后端在构建 wheel 时可能会执行各种转换,例如编译 C 扩展)。因此,即使是纯 " -"Python 项目,你也应该始终将 *sdist* 和 *wheel* 都上传到 PyPI " -"或其他包索引。这会使你的用户安装速度更快,因为 wheel " -"可以直接安装。通过只包含必须安装的文件,wheels 也使得下载文件更小。" +"乍一看,你可能会想,\"纯粹的基础\" Python 项目是否真的需要 wheels。请记住,由" +"于 sdists 的灵活性,像 pip 这样的安装工具不能直接从 sdists 安装——它们需要首先" +"通过调用 sdist 指定的 :term:`build backend` 来构建一个 wheel(构建后端在构建 " +"wheel 时可能会执行各种转换,例如编译 C 扩展)。因此,即使是纯 Python 项目,你" +"也应该始终将 *sdist* 和 *wheel* 都上传到 PyPI 或其他包索引。这会使你的用户安" +"装速度更快,因为 wheel 可以直接安装。通过只包含必须安装的文件,wheels 也使得" +"下载文件更小。" #: ../source/discussions/package-formats.rst:102 msgid "" @@ -1269,11 +1265,11 @@ msgid "" "interface of Python's zipfile module `. This can " "be very useful to check that the wheel includes all the files you need it to." msgstr "" -"在技术层面上,wheel 是一个 ZIP 归档文件(与 sdist 的 TAR 归档文件不同)。" -"你可以通过像处理普通 ZIP 归档文件一样解压它来检查其内容,例如,在 Linux 和 " -"macOS 等 UNIX 平台上使用 ``unzip`` ,在 Windows 上使用 Powershell 的 " -"``Expand-Archive`` ,或使用 :ref:`Python zipfile 模块的命令行界面 ` 。这对于检查 wheel 是否包含你需要的所有文件非常有用。" +"在技术层面上,wheel 是一个 ZIP 归档文件(与 sdist 的 TAR 归档文件不同)。你可" +"以通过像处理普通 ZIP 归档文件一样解压它来检查其内容,例如,在 Linux 和 macOS " +"等 UNIX 平台上使用 ``unzip`` ,在 Windows 上使用 Powershell 的 ``Expand-" +"Archive`` ,或使用 :ref:`Python zipfile 模块的命令行界面 ` 。这对于检查 wheel 是否包含你需要的所有文件非常有用。" #: ../source/discussions/package-formats.rst:109 msgid "" @@ -1283,10 +1279,10 @@ msgid "" "equivalent of ``PKG-INFO`` in sdists, as well as ``RECORD``. This can be " "useful to ensure no files are missing from your wheels." msgstr "" -"在 wheel 中,你会找到包的文件,以及一个名为 :samp:`{package_name}-{version" -"}.dist-info` 的额外目录。该目录包含多个文件,其中包括 ``METADATA`` 文件," -"它相当于 sdist 中的 ``PKG-INFO`` ,以及 ``RECORD`` 文件。这对于确保你的 " -"wheel 中没有缺失文件非常有用。" +"在 wheel 中,你会找到包的文件,以及一个名为 :samp:`{package_name}-{version}." +"dist-info` 的额外目录。该目录包含多个文件,其中包括 ``METADATA`` 文件,它相当" +"于 sdist 中的 ``PKG-INFO`` ,以及 ``RECORD`` 文件。这对于确保你的 wheel 中没" +"有缺失文件非常有用。" #: ../source/discussions/package-formats.rst:115 msgid "" @@ -1296,10 +1292,10 @@ msgid "" "the wheel is compatible with. For example, the name ``pip-23.3.1-py3-none-" "any.whl`` means that:" msgstr "" -"一个 wheel 的文件名(忽略一些很少使用的特性)看起来是这样的: " -":samp:`{package_name}-{version}-{python_tag}-{abi_tag}-{platform_tag}.whl`。" -"这种命名约定用于标识 wheel 与哪些平台和 Python 版本兼容。例如,文件名 " -"``pip-23.3.1-py3-none-any.whl`` 意味着:" +"一个 wheel 的文件名(忽略一些很少使用的特性)看起来是这样的: :samp:" +"`{package_name}-{version}-{python_tag}-{abi_tag}-{platform_tag}.whl`。这种命" +"名约定用于标识 wheel 与哪些平台和 Python 版本兼容。例如,文件名 ``pip-23.3.1-" +"py3-none-any.whl`` 意味着:" #: ../source/discussions/package-formats.rst:121 msgid "" @@ -1322,8 +1318,9 @@ msgstr "(``any``) 它不依赖于任何平台。" msgid "" "The pattern ``py3-none-any`` is common for pure Python projects. Packages " "with extension modules typically ship multiple wheels with more complex tags." -msgstr "``py3-none-any`` 这个模式通常用于纯 Python 项目。" -"包含扩展模块的包通常会提供多个具有更复杂标签的 wheels 。" +msgstr "" +"``py3-none-any`` 这个模式通常用于纯 Python 项目。包含扩展模块的包通常会提供多" +"个具有更复杂标签的 wheels 。" #: ../source/discussions/package-formats.rst:130 msgid "" @@ -1355,8 +1352,8 @@ msgid "" "The egg format was introduced by :ref:`setuptools` in 2004, whereas the " "wheel format was introduced by :pep:`427` in 2012." msgstr "" -":term:`Egg` 格式是由 :ref:`setuptools` 在2004年引入的,而 :term:`Wheel` " -"格式是由 :pep:`427` 在2012年引入。" +":term:`Egg` 格式是由 :ref:`setuptools` 在2004年引入的,而 :term:`Wheel` 格式" +"是由 :pep:`427` 在2012年引入。" #: ../source/discussions/package-formats.rst:149 msgid "" @@ -1373,9 +1370,9 @@ msgid "" "and a runtime installation format (if left zipped), and was designed to be " "importable." msgstr "" -":term:`Wheel`是一种 :term:`分发 `格式,也就是一种打包格式。 [1]_ :term:`Egg` 既是一种发行格式,也是一" -"种运行时的安装格式(如果留下压缩包),并被设计为可导入。" +":term:`Wheel`是一种 :term:`分发 `格式,也就是一种打包格" +"式。 [1]_ :term:`Egg` 既是一种发行格式,也是一种运行时的安装格式(如果留下压" +"缩包),并被设计为可导入。" #: ../source/discussions/package-formats.rst:156 msgid "" @@ -1385,18 +1382,17 @@ msgid "" "\"universal\", similar to an :term:`sdist `." msgstr "" -":term:`Wheel`格式不包括 ``.pyc`` 文件。因此,当发行版只包含 Python " -"文件(即没有编译的扩展),并且与 Python 2 和 3 兼容时,wheel 有可能是 " -"「通用」的,类似于 :term:`sdist ` " -"(源分发)。" +":term:`Wheel`格式不包括 ``.pyc`` 文件。因此,当发行版只包含 Python 文件(即没" +"有编译的扩展),并且与 Python 2 和 3 兼容时,wheel 有可能是 「通用」的,类似" +"于 :term:`sdist ` (源分发)。" #: ../source/discussions/package-formats.rst:161 msgid "" "Wheel uses standard :ref:`.dist-info directories `. Egg used ``.egg-info``." msgstr "" -"Wheel 使用标准 :ref:`.dist-info 目录 ` 。Egg " -"使用 ``.egg-info`` 。" +"Wheel 使用标准 :ref:`.dist-info 目录 ` 。Egg 使" +"用 ``.egg-info`` 。" #: ../source/discussions/package-formats.rst:164 msgid "" @@ -1404,15 +1400,16 @@ msgid "" "single wheel archive can indicate its compatibility with a number of Python " "language versions and implementations, ABIs, and system architectures." msgstr "" -":term:`Wheel`有一个 :pep:`更丰富的文件命名约定 <425>`。一个单一的 wheel " -"档案可以表明它与许多 Python 语言版本和工具、ABI 以及系统架构的兼容性。" +":term:`Wheel`有一个 :pep:`更丰富的文件命名约定 <425>`。一个单一的 wheel 档案" +"可以表明它与许多 Python 语言版本和工具、ABI 以及系统架构的兼容性。" #: ../source/discussions/package-formats.rst:168 msgid "" "Wheel is versioned. Every wheel file contains the version of the wheel " "specification and the implementation that packaged it." -msgstr ":term:`Wheel` 是有版本的。每个 wheel 文件都包含 wheel " -"规范的版本和包装它的工具。" +msgstr "" +":term:`Wheel` 是有版本的。每个 wheel 文件都包含 wheel 规范的版本和包装它的工" +"具。" #: ../source/discussions/package-formats.rst:171 msgid "" @@ -1443,8 +1440,8 @@ msgid "" "format, although :ref:`this is not officially supported at this time `." msgstr "" -"在某些情况下,wheels 可以作为可导入的运行时格式使用,尽管 :ref:`" -"目前官方并不支持这种用法 ` 。" +"在某些情况下,wheels 可以作为可导入的运行时格式使用,尽管 :ref:`目前官方并不" +"支持这种用法 ` 。" #: ../source/discussions/pip-vs-easy-install.rst:6 msgid "pip vs easy_install" @@ -1620,10 +1617,10 @@ msgid "" "example (a similar practice is used by other tools like *nox* and its :file:" "`noxfile.py` configuration file, or *pytest* and :file:`conftest.py`)." msgstr "" -"Setuptools 完全可以作为打包 Python 项目的 :term:`构建后端` 使用。而 " -":file:`setup.py` 是一个有效的 :ref:`setuptools` 配置文件,它恰好是用 Python " -"编写的,而不是使用 *TOML* (例如,其他工具如 *nox* 及其 :file:`noxfile.py` " -"配置文件,或 *pytest* 及其 :file:`conftest.py` 文件也采用类似做法)。" +"Setuptools 完全可以作为打包 Python 项目的 :term:`构建后端` 使用。而 :file:" +"`setup.py` 是一个有效的 :ref:`setuptools` 配置文件,它恰好是用 Python 编写" +"的,而不是使用 *TOML* (例如,其他工具如 *nox* 及其 :file:`noxfile.py` 配置文" +"件,或 *pytest* 及其 :file:`conftest.py` 文件也采用类似做法)。" #: ../source/discussions/setup-py-deprecated.rst:18 msgid "" @@ -1696,9 +1693,9 @@ msgid "" "what ``python -m build`` does. If necessary the ``--sdist`` and ``--wheel`` " "options can be used to generate only one or the other." msgstr "" -"这需要 :ref:`build` 依赖项。建议始终构建并发布项目的源代码分发包和 wheel," -"这正是 ``python -m build`` 所做的。如果需要,可以使用 ``--sdist`` 和 " -"``--wheel`` 选项仅生成其中之一。" +"这需要 :ref:`build` 依赖项。建议始终构建并发布项目的源代码分发包和 wheel,这" +"正是 ``python -m build`` 所做的。如果需要,可以使用 ``--sdist`` 和 ``--" +"wheel`` 选项仅生成其中之一。" #: ../source/discussions/setup-py-deprecated.rst:52 msgid "" @@ -1712,12 +1709,11 @@ msgid "" "would also be a valid command: ``python -m pip install path/to/project``." msgstr "" "为了安装基于 setuptools 的项目,过去通常会运行 :file:`setup.py` 的 " -"``install`` 命令,例如: ``python setup.py install`` 。如今," -"推荐的方法是直接使用 :ref:`pip` , 命令如下: ``python -m pip install .`` 。" -"其中点号 ``.`` 实际上是一个文件系统路径,表示当前目录的路径符号。实际上, " -"*pip* 接受本地文件系统上项目源代码目录的路径作为其 ``install`` " -"子命令的参数。因此,以下命令也是有效的: ``python -m pip install path/to/" -"project`` 。" +"``install`` 命令,例如: ``python setup.py install`` 。如今,推荐的方法是直接" +"使用 :ref:`pip` , 命令如下: ``python -m pip install .`` 。其中点号 ``.`` 实" +"际上是一个文件系统路径,表示当前目录的路径符号。实际上, *pip* 接受本地文件系" +"统上项目源代码目录的路径作为其 ``install`` 子命令的参数。因此,以下命令也是有" +"效的: ``python -m pip install path/to/project`` 。" #: ../source/discussions/setup-py-deprecated.rst:65 msgid "" @@ -1725,9 +1721,9 @@ msgid "" "``python setup.py develop`` one can use the ``--editable`` option of pip's " "*install* sub-command: ``python -m pip install --editable .``." msgstr "" -"至于 *develop* 模式,也就是 *editable* 模式的安装,除了使用 ``python " -"setup.py develop`` ,还可以使用 pip 的 *install* 子命令的 ``--editable`` " -"选项: ``python -m pip install --editable .`` 。" +"至于 *develop* 模式,也就是 *editable* 模式的安装,除了使用 ``python setup." +"py develop`` ,还可以使用 pip 的 *install* 子命令的 ``--editable`` 选项: " +"``python -m pip install --editable .`` 。" #: ../source/discussions/setup-py-deprecated.rst:70 msgid "" @@ -1739,11 +1735,11 @@ msgid "" "generate only one or the other. Note that the build tool needs to be " "installed separately." msgstr "" -"构建 :term:`源代码分发包 ` 和 :term:`" -"wheels ` 的一种推荐、简单且直接的方法是使用 :ref:`build` " -"工具,命令如下: ``python -m " -"build``,该命令会触发生成这两种分发格式。如果需要,可以使用 ``--sdist`` 和 " -"``--wheel`` 选项仅生成其中之一。请注意,build 工具需要单独安装。" +"构建 :term:`源代码分发包 ` 和 :term:" +"`wheels ` 的一种推荐、简单且直接的方法是使用 :ref:`build` 工具,命令如" +"下: ``python -m build``,该命令会触发生成这两种分发格式。如果需要,可以使用 " +"``--sdist`` 和 ``--wheel`` 选项仅生成其中之一。请注意,build 工具需要单独安" +"装。" #: ../source/discussions/setup-py-deprecated.rst:80 msgid "" @@ -1798,8 +1794,8 @@ msgid "" "But might be necessary on other :term:`package indexes ` (for " "example :ref:`devpi`)." msgstr "" -"在 :term:`PyPI ` 上不必要,也不被支持。但在其他 " -":term:`包索引 ` 上可能是必要的(例如 :ref:`devpi` )。" +"在 :term:`PyPI ` 上不必要,也不被支持。但在其" +"他 :term:`包索引 ` 上可能是必要的(例如 :ref:`devpi` )。" #: ../source/discussions/setup-py-deprecated.rst:112 msgid "``python setup.py --version``" @@ -1946,8 +1942,8 @@ msgid "" "not deprecated. Those will be automatically called as expected." msgstr "" "自定义构建步骤,例如覆盖现有步骤(如 ``build_py`` 、 ``build_ext`` 和 " -"``bdist_wheel`` " -")或添加新的构建步骤,并没有被弃用。这些步骤将会按预期自动调用。" +"``bdist_wheel`` )或添加新的构建步骤,并没有被弃用。这些步骤将会按预期自动调" +"用。" #: ../source/discussions/setup-py-deprecated.rst:175 #: ../source/guides/modernize-setup-py-project.rst:21 @@ -1988,9 +1984,9 @@ msgid "" "table is to assume that the :term:`build backend ` is " "setuptools." msgstr "" -"在没有 :file:`pyproject.toml` 文件及其 ``[build-system]`` 表的情况下, " -":term:`构建前端 ` 的标准回退行为是默认假设 :term:`构建后端 " -"` 是 setuptools。" +"在没有 :file:`pyproject.toml` 文件及其 ``[build-system]`` 表的情况下, :term:" +"`构建前端 ` 的标准回退行为是默认假设 :term:`构建后端 ` 是 setuptools。" #: ../source/discussions/setup-py-deprecated.rst:204 msgid "Why? What does it all mean?" @@ -2035,25 +2031,26 @@ msgid "" "same version specifier as :func:`importlib.metadata.version` reports for the " "distribution package (as described in :ref:`runtime-version-access`)." msgstr "" -"许多 Python :term:`分发包 ` 发布一个单一的 Python " -":term:`导入包 ` ,在这种情况下,希望导入包上的运行时 " -"``__version__`` 属性报告与 :func:`importlib.metadata.version` " -"为分发包报告的相同版本说明符(如 :ref:`运行时版本访问 ` 中所述)。" +"许多 Python :term:`分发包 ` 发布一个单一的 Python :" +"term:`导入包 ` ,在这种情况下,希望导入包上的运行时 " +"``__version__`` 属性报告与 :func:`importlib.metadata.version` 为分发包报告的" +"相同版本说明符(如 :ref:`运行时版本访问 ` 中所述)。" #: ../source/discussions/single-source-version.rst:16 msgid "" "It is also frequently desired that this version information be derived from " "a version control system *tag* (such as ``v1.2.3``) rather than being " "manually updated in the source code." -msgstr "此外,通常希望该版本信息是从版本控制系统的 *标签* (如 ``v1.2.3`` " -")中派生的,而不是手动在源代码中更新。" +msgstr "" +"此外,通常希望该版本信息是从版本控制系统的 *标签* (如 ``v1.2.3`` )中派生" +"的,而不是手动在源代码中更新。" #: ../source/discussions/single-source-version.rst:20 msgid "" "Some projects may choose to simply live with the data entry duplication, and " "rely on automated testing to ensure the different values do not diverge." -msgstr "一些项目可能选择容忍数据输入的重复,并依赖自动化测试来确保不同的值不会出现偏" +msgstr "" +"一些项目可能选择容忍数据输入的重复,并依赖自动化测试来确保不同的值不会出现偏" "差。" #: ../source/discussions/single-source-version.rst:23 @@ -2070,14 +2067,16 @@ msgstr "一般而言,选项包括:" msgid "" "If the code is in a version control system (VCS), such as Git, then the " "version can be extracted from the VCS." -msgstr "如果代码位于版本控制系统 (VCS)(例如 Git)中,则可以从 VCS 中提取版本。" +msgstr "" +"如果代码位于版本控制系统 (VCS)(例如 Git)中,则可以从 VCS 中提取版本。" #: ../source/discussions/single-source-version.rst:30 msgid "" "The version can be hard-coded into the :file:`pyproject.toml` file -- and " "the build system can copy it into other locations it may be required." -msgstr "该版本可以硬编码到: :file:`pyproject.toml` " -"文件中——并且构建系统可以将其复制到可能需要的其他位置。" +msgstr "" +"该版本可以硬编码到: :file:`pyproject.toml` 文件中——并且构建系统可以将其复制" +"到可能需要的其他位置。" #: ../source/discussions/single-source-version.rst:33 msgid "" @@ -2087,10 +2086,10 @@ msgid "" "attribute in a particular module, such as :file:`__init__.py`. The build " "system can then extract it from the runtime location at build time." msgstr "" -"版本字符串可以被硬编码到源代码中——可以是在一个特殊用途的文件中,例如 " -":file:`_version.txt`(该文件必须作为项目源代码分发包的一部分进行发布),或者" -"作为特定模块中的一个属性,例如 :file:`__init__.py` " -"。构建系统随后可以在构建时从运行时位置提取它。" +"版本字符串可以被硬编码到源代码中——可以是在一个特殊用途的文件中,例如 :file:" +"`_version.txt`(该文件必须作为项目源代码分发包的一部分进行发布),或者作为特" +"定模块中的一个属性,例如 :file:`__init__.py` 。构建系统随后可以在构建时从运行" +"时位置提取它。" #: ../source/discussions/single-source-version.rst:38 msgid "Consult your build system's documentation for their recommended method." @@ -2105,9 +2104,9 @@ msgid "" "for many projects, ``import_name`` and ``dist-name`` will be the same name)." msgstr "" "当目标是让分发包及其关联的导入包共享相同的版本时,建议项目包括一个自动化测试" -"用例,确保 ``import_name.__version__`` 和 ``importlib.metadata.version" -"(\"dist-name\")`` 报告相同的值(注意:对于许多项目, ``import_name`` 和 " -"``dist-name`` 将是相同的名称)。" +"用例,确保 ``import_name.__version__`` 和 ``importlib.metadata." +"version(\"dist-name\")`` 报告相同的值(注意:对于许多项目, ``import_name`` " +"和 ``dist-name`` 将是相同的名称)。" #: ../source/discussions/single-source-version.rst:50 msgid "Build System Version Handling" @@ -2190,9 +2189,9 @@ msgid "" "` is used for development and a " "regular installation is used for testing)." msgstr "" -"这意味着 `src` 布局在项目的开发工作流程中涉及一个额外的步骤(通常," -"在开发中使用 :doc:`可编辑安装 ` " -",在测试中使用常规安装)。" +"这意味着 `src` 布局在项目的开发工作流程中涉及一个额外的步骤(通常,在开发中使" +"用 :doc:`可编辑安装 ` ,在测试中使用常" +"规安装)。" #: ../source/discussions/src-layout-vs-flat-layout.rst:56 msgid "" @@ -2248,9 +2247,9 @@ msgid "" "``noxfile.py``) on the import path. This would make certain imports work in " "editable installations but not regular installations." msgstr "" -"扁平布局会将其他项目文件(例如: ``README.md`` 、 ``tox.ini`` " -")和打包/工具配置文件(例如: ``setup.py`` 、 ``noxfile.py`` " -")添加到导入路径。这会使某些导入在可编辑安装中工作,但在常规安装中无法工作。" +"扁平布局会将其他项目文件(例如: ``README.md`` 、 ``tox.ini`` )和打包/工具配" +"置文件(例如: ``setup.py`` 、 ``noxfile.py`` )添加到导入路径。这会使某些导" +"入在可编辑安装中工作,但在常规安装中无法工作。" #: ../source/discussions/src-layout-vs-flat-layout.rst:86 msgid "Running a command-line interface from source with src-layout" @@ -2268,12 +2267,12 @@ msgid "" msgstr "" "由于前述的 `src` 布局的特点,命令行界面不能直接从 :term:`源代码树 ` 运行,而需要将包安装为 :doc:`开发模式 ` 以便进行测试。由于在某些情况下这可能不太实际," -"一个解决方法是在通过其 :file:`__main__.py` 文件调用时,将包文件夹添加到 " -"Python 的 :py:data:`sys.path` 中:" +"development_mode>` 以便进行测试。由于在某些情况下这可能不太实际,一个解决方法" +"是在通过其 :file:`__main__.py` 文件调用时,将包文件夹添加到 Python 的 :py:" +"data:`sys.path` 中:" #: ../source/discussions/versioning.rst:6 -#: ../source/specifications/simple-repository-api.rst:310 +#: ../source/specifications/simple-repository-api.rst:319 msgid "Versioning" msgstr "版本" @@ -2294,9 +2293,9 @@ msgid "" "`specification of version specifiers `. Here are some " "examples of version numbers [#version-examples]_:" msgstr "" -"不同的 Python 项目可能根据各自的需求使用不同的版本控制方案,但为了与像 " -":ref:`pip` 这样的工具兼容,所有这些项目都需要遵循一个灵活的版本标识符格式," -"权威参考是 :ref:`版本规范说明 ` 。以下是一些版本号的示例 " +"不同的 Python 项目可能根据各自的需求使用不同的版本控制方案,但为了与像 :ref:" +"`pip` 这样的工具兼容,所有这些项目都需要遵循一个灵活的版本标识符格式,权威参" +"考是 :ref:`版本规范说明 ` 。以下是一些版本号的示例 " "[#version-examples]_ :" #: ../source/discussions/versioning.rst:21 @@ -2351,17 +2350,17 @@ msgid "" "``pip install pkg==1.1a3`` or ``pip install --pre pkg``)." msgstr "" "项目可以使用一系列的预发布版本,以便在最终发布之前支持用户进行测试。步骤顺序" -"为:alpha 版本、beta 版本、候选发布版本、最终发布版本。默认情况下,pip " -"和其他现代 Python " -"包安装器在决定安装哪些依赖版本时,会忽略预发布版本,除非明确请求(例如,使用 " -"``pip install pkg==1.1a3`` 或 ``pip install --pre pkg`` )。" +"为:alpha 版本、beta 版本、候选发布版本、最终发布版本。默认情况下,pip 和其他" +"现代 Python 包安装器在决定安装哪些依赖版本时,会忽略预发布版本,除非明确请求" +"(例如,使用 ``pip install pkg==1.1a3`` 或 ``pip install --pre pkg`` )。" #: ../source/discussions/versioning.rst:39 msgid "" "The purpose of development releases is to support releases made early during " "a development cycle, for example, a nightly build, or a build from the " "latest source in a Linux distribution." -msgstr "开发版本的目的是支持在开发周期初期发布的版本,例如,每日构建版本或来自 Linux " +msgstr "" +"开发版本的目的是支持在开发周期初期发布的版本,例如,每日构建版本或来自 Linux " "发行版最新源代码的构建版本。" #: ../source/discussions/versioning.rst:43 @@ -2373,8 +2372,8 @@ msgid "" "semantic versioning)." msgstr "" "后发布版本用于修复最终版本中的轻微错误,这些错误不会影响分发的软件,例如修正" -"发布说明中的错误。它们不应用于修复 bug;这些应该通过发布新的最终版本来处理(" -"例如,在使用语义版本控制时,增加第三个版本号)。" +"发布说明中的错误。它们不应用于修复 bug;这些应该通过发布新的最终版本来处理" +"(例如,在使用语义版本控制时,增加第三个版本号)。" #: ../source/discussions/versioning.rst:49 msgid "" @@ -2386,11 +2385,11 @@ msgid "" "epoch, as in \"1!1.0\", in order to be treated as more recent than the old " "version numbers." msgstr "" -"最后,epoch(纪元)是一个很少使用的特性,用于在更改版本控制方案时修正排序顺序" -"。例如,如果一个项目使用日历版本控制,版本号如 23." -"12,然后切换到语义版本控制,版本号如 1.0,那么 1.0 和 23.12 " -"的比较顺序将会错误。为了修正这一点,新的版本号应该具有明确的 epoch,例如 \"1" -"!1.0\",这样可以确保它比旧的版本号更为新颖。" +"最后,epoch(纪元)是一个很少使用的特性,用于在更改版本控制方案时修正排序顺" +"序。例如,如果一个项目使用日历版本控制,版本号如 23.12,然后切换到语义版本控" +"制,版本号如 1.0,那么 1.0 和 23.12 的比较顺序将会错误。为了修正这一点,新的" +"版本号应该具有明确的 epoch,例如 \"1!1.0\",这样可以确保它比旧的版本号更为新" +"颖。" #: ../source/discussions/versioning.rst:59 msgid "Semantic versioning vs. calendar versioning" @@ -2438,8 +2437,8 @@ msgid "" "The idea of *semantic versioning* (or SemVer) is to use 3-part version " "numbers, *major.minor.patch*, where the project author increments:" msgstr "" -"*语义版本控制* (或称 SemVer)的理念是使用三部分版本号, *major.minor.patch* " -",其中项目作者根据以下规则进行版本号递增:" +"*语义版本控制* (或称 SemVer)的理念是使用三部分版本号, *major.minor." +"patch* ,其中项目作者根据以下规则进行版本号递增:" #: ../source/discussions/versioning.rst:89 msgid "*major* when they make incompatible API changes," @@ -2468,8 +2467,8 @@ msgstr "" "大多数 Python 项目使用类似于语义版本控制的版本方案。然而,大多数项目,尤其是" "较大的项目,并不严格遵循语义版本控制,因为许多变化在技术上是破坏兼容性的,但" "仅影响一小部分用户。这类项目通常在不兼容性较大时递增主版本号,或用来表示项目" -"的重大变化,而不是为了任何微小的不兼容性 [#semver-strictness] " -"。相反,主版本号的递增有时也用来表示重要但向后兼容的新特性。" +"的重大变化,而不是为了任何微小的不兼容性 [#semver-strictness] 。相反,主版本" +"号的递增有时也用来表示重要但向后兼容的新特性。" #: ../source/discussions/versioning.rst:103 msgid "" @@ -2482,19 +2481,20 @@ msgid "" "equivalent to ``name >= X.Y.Z, == X.Y.*``, i.e., it requires at least X.Y.Z " "and allows a later release with same X and Y but higher Z." msgstr "" -"对于那些确实使用严格语义版本控制的项目,这种方法允许用户使用 :ref:`" -"兼容发布版本说明符 ` ,并使用 ``~=`` " -"运算符。例如, ``name ~= X.Y`` 大致等价于 ``name >= X.Y, == X.*`` ," -"即它要求至少是 X.Y 版本,并允许任何 X 不变且 Y 较大的后续版本。同样, ``name " -"~= X.Y.Z`` 大致等价于 ``name >= X.Y.Z, == X.Y.*`` ,即要求至少是 X.Y.Z 版本," -"并允许任何 X 和 Y 相同但 Z 较大的后续版本。" +"对于那些确实使用严格语义版本控制的项目,这种方法允许用户使用 :ref:`兼容发布版" +"本说明符 ` ,并使用 ``~=`` 运算符。例" +"如, ``name ~= X.Y`` 大致等价于 ``name >= X.Y, == X.*`` ,即它要求至少是 X.Y " +"版本,并允许任何 X 不变且 Y 较大的后续版本。同样, ``name ~= X.Y.Z`` 大致等价" +"于 ``name >= X.Y.Z, == X.Y.*`` ,即要求至少是 X.Y.Z 版本,并允许任何 X 和 Y " +"相同但 Z 较大的后续版本。" #: ../source/discussions/versioning.rst:112 msgid "" "Python projects adopting semantic versioning should abide by clauses 1-8 of " "the `Semantic Versioning 2.0.0 specification `_." -msgstr "采用语义版本控制的 Python 项目应遵守 `语义版本控制 2.0.0 规范 ` " -"的第 1-8 条。" +msgstr "" +"采用语义版本控制的 Python 项目应遵守 `语义版本控制 2.0.0 规范 ` 的" +"第 1-8 条。" #: ../source/discussions/versioning.rst:115 msgid "" @@ -2506,11 +2506,11 @@ msgid "" "contain backwards-incompatible API changes (:doc:`NumPy versioning policy " "`)." msgstr "" -"流行的 :doc:`Sphinx ` " -"文档生成器是一个使用严格语义版本控制的示例项目( :doc:`Sphinx 版本控制政策 " -"` )。著名的 :doc:`NumPy ` " -"科学计算包明确使用“宽松”语义版本控制,其中递增次要版本可能包含向后不兼容的 " -"API 更改( :doc:`NumPy 版本控制政策 ` )。" +"流行的 :doc:`Sphinx ` 文档生成器是一个使用严格语义版本控制的示" +"例项目( :doc:`Sphinx 版本控制政策 ` )。著" +"名的 :doc:`NumPy ` 科学计算包明确使用“宽松”语义版本控制,其中递" +"增次要版本可能包含向后不兼容的 API 更改( :doc:`NumPy 版本控制政策 ` )。" #: ../source/discussions/versioning.rst:124 msgid "Calendar versioning" @@ -2521,7 +2521,8 @@ msgid "" "Semantic versioning is not a suitable choice for all projects, such as those " "with a regular time based release cadence and a deprecation process that " "provides warnings for a number of releases prior to removal of a feature." -msgstr "语义版本控制并不适用于所有项目,例如具有基于定期时间的发布节奏和弃用流程的项" +msgstr "" +"语义版本控制并不适用于所有项目,例如具有基于定期时间的发布节奏和弃用流程的项" "目,这些弃用流程会在删除某个功能之前为多个版本提供警告。" #: ../source/discussions/versioning.rst:130 @@ -2537,7 +2538,8 @@ msgstr "" msgid "" "Calendar version numbers typically take the form *year.month* (for example, " "23.12 for December 2023)." -msgstr "日历版本号通常采用 *year.month* 的形式(例如,2023 年 12 月为 23.12)。" +msgstr "" +"日历版本号通常采用 *year.month* 的形式(例如,2023 年 12 月为 23.12)。" #: ../source/discussions/versioning.rst:137 msgid "" @@ -2586,10 +2588,10 @@ msgid "" "which can be used to identify local development builds not intended for " "publication, or modified variants of a release maintained by a redistributor." msgstr "" -"公共版本标识符旨在支持通过 :term:`PyPI ` " -"进行分发。Python 打包工具还支持 :ref:`本地版本标识符 ` 的概念,可以用来标识不打算公开发布的本地开发构建,或由重新分发" -"者维护的已修改版本。" +"公共版本标识符旨在支持通过 :term:`PyPI ` 进行分" +"发。Python 打包工具还支持 :ref:`本地版本标识符 ` " +"的概念,可以用来标识不打算公开发布的本地开发构建,或由重新分发者维护的已修改" +"版本。" #: ../source/discussions/versioning.rst:165 msgid "" @@ -2602,12 +2604,11 @@ msgid "" "dev1+gd00980f\", or if the repository has untracked changes, like \"0.5." "dev1+gd00980f.d20231217\"." msgstr "" -"本地版本标识符的形式是一个公共版本标识符,后跟 \"+\" 和本地版本标签。例如," -"应用了 Fedora 特定补丁的包可能会有版本 \"1.2.1+fedora.4\"。另一个例子是由 " -"setuptools-scm_ (一个读取 Git 数据的 setuptools 插件) 计算的版本。" -"在有一些提交的 Git 仓库中,setuptools-scm 会生成类似 \"0.5.dev1+gd00980f\" " -"的版本,或者如果仓库有未跟踪的更改,则生成类似 \"0.5.dev1+gd00980f." -"d20231217\" 的版本。" +"本地版本标识符的形式是一个公共版本标识符,后跟 \"+\" 和本地版本标签。例如,应" +"用了 Fedora 特定补丁的包可能会有版本 \"1.2.1+fedora.4\"。另一个例子是由 " +"setuptools-scm_ (一个读取 Git 数据的 setuptools 插件) 计算的版本。在有一些" +"提交的 Git 仓库中,setuptools-scm 会生成类似 \"0.5.dev1+gd00980f\" 的版本,或" +"者如果仓库有未跟踪的更改,则生成类似 \"0.5.dev1+gd00980f.d20231217\" 的版本。" #: ../source/discussions/versioning.rst:177 msgid "Accessing version information at runtime" @@ -3114,32 +3115,16 @@ msgstr "" "展的 Java 类文件。" #: ../source/glossary.rst:121 -msgid "Known Good Set (KGS)" -msgstr "已知良好集 (KGS)" - -#: ../source/glossary.rst:124 -msgid "" -"A set of distributions at specified versions which are compatible with each " -"other. Typically a test suite will be run which passes all tests before a " -"specific set of packages is declared a known good set. This term is commonly " -"used by frameworks and toolkits which are comprised of multiple individual " -"distributions." -msgstr "" -"一组相互兼容的指定版本的发行版。 通常,将运行一个测试套件,该套件在一组特定的" -"包被声明为已知良好集之前通过所有测试。 该术语通常用于由多个单独发行版组成的框" -"架和工具包。" - -#: ../source/glossary.rst:130 msgid "Import Package" msgstr "导入包" -#: ../source/glossary.rst:133 +#: ../source/glossary.rst:124 msgid "" "A Python module which can contain other modules or recursively, other " "packages." msgstr "一个Python模块,可以包含其他模块或递归地包含其他包。" -#: ../source/glossary.rst:136 +#: ../source/glossary.rst:127 #, fuzzy msgid "" "An import package is more commonly referred to with the single word " @@ -3151,18 +3136,34 @@ msgstr "" "导入包通常用单个词“包”来指代,但本指南将在需要更清楚地说明时使用扩展术语,以" "防止与通常也称为“包”的 :term:`分发包` 混淆." -#: ../source/glossary.rst:142 +#: ../source/glossary.rst:133 #, fuzzy msgid "Installed Project" msgstr "安装程序" -#: ../source/glossary.rst:145 +#: ../source/glossary.rst:136 msgid "" "A :term:`Project` that is installed for use with a Python interpreter or :" "term:`Virtual Environment`, as described in the specicifcation :ref:" "`recording-installed-packages`." msgstr "" +#: ../source/glossary.rst:140 +msgid "Known Good Set (KGS)" +msgstr "已知良好集 (KGS)" + +#: ../source/glossary.rst:143 +msgid "" +"A set of distributions at specified versions which are compatible with each " +"other. Typically a test suite will be run which passes all tests before a " +"specific set of packages is declared a known good set. This term is commonly " +"used by frameworks and toolkits which are comprised of multiple individual " +"distributions." +msgstr "" +"一组相互兼容的指定版本的发行版。 通常,将运行一个测试套件,该套件在一组特定的" +"包被声明为已知良好集之前通过所有测试。 该术语通常用于由多个单独发行版组成的框" +"架和工具包。" + #: ../source/glossary.rst:149 msgid "Module" msgstr "模块" @@ -4241,7 +4242,8 @@ msgstr "" msgid "" "For example if you have a package named ``myapp-plugin-a`` and it includes " "the following in its ``pyproject.toml``:" -msgstr "例如,如果您有一个名为 ``myapp-plugin-a`` 的包,并且它的 ``pyproject.toml`` " +msgstr "" +"例如,如果您有一个名为 ``myapp-plugin-a`` 的包,并且它的 ``pyproject.toml`` " "中包含以下内容:" #: ../source/guides/creating-and-discovering-plugins.rst:136 @@ -4263,7 +4265,8 @@ msgstr "" msgid "" "Now the module of your choice can be imported by executing " "``discovered_plugins['a'].load()``." -msgstr "现在可以通过执行 ``discovered_plugins['a'].load()`` 来导入您选择的模块。" +msgstr "" +"现在可以通过执行 ``discovered_plugins['a'].load()`` 来导入您选择的模块。" #: ../source/guides/creating-and-discovering-plugins.rst:163 msgid "" @@ -4271,9 +4274,8 @@ msgid "" "has a lot of options. It's recommended to read over the entire section on :" "doc:`entry points ` ." msgstr "" -"在 :file:`setup.py` 中的 ``entry_point`` 规范相当灵活,具有很多选项。" -"建议仔细阅读整个关于 :doc:`entry points ` " -"的章节。" +"在 :file:`setup.py` 中的 ``entry_point`` 规范相当灵活,具有很多选项。建议仔细" +"阅读整个关于 :doc:`entry points ` 的章节。" #: ../source/guides/creating-and-discovering-plugins.rst:167 msgid "" @@ -4281,8 +4283,8 @@ msgid "" "library/importlib.metadata>`, most packaging tools other than setuptools " "provide support for defining entry points." msgstr "" -"由于此规范是 :doc:`标准库的一部分 `," -"因此除了 setuptools 之外,大多数打包工具都提供了定义 entry points 的支持。" +"由于此规范是 :doc:`标准库的一部分 `,因此" +"除了 setuptools 之外,大多数打包工具都提供了定义 entry points 的支持。" #: ../source/guides/creating-command-line-tools.rst:5 msgid "Creating and packaging command-line tools" @@ -4296,10 +4298,10 @@ msgid "" "exposing the executable scripts of packages (and available manual pages) for " "use on the command-line." msgstr "" -"本指南将引导您创建和打包一个独立的命令行应用程序,该应用程序可以通过 " -":ref:`pipx` 安装,pipx 是一个创建和管理 :term:`Python 虚拟环境 ` " -"的工具,并暴露包的可执行脚本(以及可用的手册页)以供命令行使用。" +"本指南将引导您创建和打包一个独立的命令行应用程序,该应用程序可以通过 :ref:" +"`pipx` 安装,pipx 是一个创建和管理 :term:`Python 虚拟环境 ` 的工具,并暴露包的可执行脚本(以及可用的手册页)以供命令行使" +"用。" #: ../source/guides/creating-command-line-tools.rst:12 msgid "Creating the package" @@ -5736,7 +5738,7 @@ msgid "" "In particular, `NumPy `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5745,9 +5747,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5865,7 +5867,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "" @@ -5903,32 +5905,53 @@ msgstr "conda 跨平台软件包管理器" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +#, fuzzy +#| msgid "" +#| "`Anaconda `_ is a Python " +#| "distribution published by Anaconda, Inc. It is a stable collection of " +#| "Open Source packages for big data and scientific use. As of the 5.0 " +#| "release of Anaconda, about 200 packages are installed by default, and a " +#| "total of 400-500 can be installed and updated from the Anaconda " +#| "repository." +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" "`Anaconda `_ 是由 Anaconda 公" "司发布的 Python 发行版。它是一个稳定的开源软件包集合,用于大数据和科学用途。 " "在 Anaconda 的5.0版本中,默认安装了大约200个包,总共有400-500个包可以从 " "Anaconda 仓库中安装和更新。" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -9082,29 +9105,51 @@ msgstr "上传到 PyPI" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -9115,31 +9160,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr ":ref:`Flit`," -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr ":ref:`Hatch`," -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr ":ref:`PDM`," -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr ":ref:`Pipenv`," -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr ":ref:`Poetry`," -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -10399,38 +10444,52 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:420 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:426 +msgid "" +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." +msgstr "" + +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" @@ -10438,7 +10497,7 @@ msgstr "" "`文档 `__ | :gh:`Issues ` " "| `PyPI `__" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -10448,11 +10507,11 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 #, fuzzy msgid "" "`GitHub `__ | `PyPI `__ | `PyPI " "`__" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -10469,11 +10528,11 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "enscons" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" @@ -10481,7 +10540,7 @@ msgstr "" ":gh:`源码 ` | :gh:`问题 ` | `PyPI " "`__" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -10493,11 +10552,11 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 #, fuzzy msgid "" "`Docs `__ | :gh:`GitHub `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "Hashdist" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" @@ -10529,7 +10588,7 @@ msgstr "" "`文档 `__ | `GitHub `__" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -10540,11 +10599,11 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" @@ -10552,18 +10611,18 @@ msgstr "" "`文档 `__ | `GitHub `__" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "meson-python" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" @@ -10571,7 +10630,7 @@ msgstr "" "`文档 `__ | `GitHub `__" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -10579,41 +10638,41 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "multibuild" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 #, fuzzy msgid "`GitHub `__" msgstr "`GitHub `__" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -10621,13 +10680,13 @@ msgstr "" "`文档 `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -10635,7 +10694,7 @@ msgstr "" "`文档 `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -10647,11 +10706,11 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "pip-tools" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -10672,27 +10731,27 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" ":gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "piwheels" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" @@ -10700,7 +10759,7 @@ msgstr "" "`网站 `__ | :doc:`文档 ` | " "`GitHub `__" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -10708,11 +10767,11 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "poetry" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -10720,7 +10779,7 @@ msgstr "" "`文档 `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -10734,11 +10793,11 @@ msgstr "" "自己的依赖性解析器。它试图通过本地缓存依赖关系的元数据来加速用户的安装和依赖" "关系的解决。" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -10746,18 +10805,18 @@ msgstr "" "`GitHub 和文档 `__ | `PyPI " "`__" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 #, fuzzy msgid "Pulp-python" msgstr "python" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" @@ -10765,18 +10824,18 @@ msgstr "" "`文档 `__ | :gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" @@ -10784,7 +10843,7 @@ msgstr "" "`文档 `__ | :gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10792,11 +10851,11 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "pypiprivate" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -10804,17 +10863,17 @@ msgstr "" ":gh:`GitHub ` | `PyPI `__" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "pypiserver" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 #, fuzzy msgid "" "`GitHub `__ | `PyPI `__ | `PyPI " "`__" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 #, fuzzy msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" @@ -10839,11 +10898,11 @@ msgstr "" "ref:`pip` 下载和安装它们,而不用公开发布。使用 pypiserver 的组织通常既从 " "pypiserver 也从 PyPI 下载软件包。" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" @@ -10851,7 +10910,7 @@ msgstr "" "`文档 `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10861,11 +10920,11 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__" @@ -10873,17 +10932,17 @@ msgstr "" "`GitHub 和文档 `__ | `PyPI `__" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "scikit-build" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10904,12 +10963,12 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 #, fuzzy msgid "scikit-build-core" msgstr "scikit-build" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" @@ -10941,7 +11000,7 @@ msgstr "" "`文档 `__ | `GitHub `__ | `PyPI `__" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10949,11 +11008,11 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 #, fuzzy msgid "" ":gh:`GitHub ` | `PyPI `__ | `PyPI " "`__" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10970,7 +11029,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10989,18 +11048,18 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" "Spack 不在 PyPI 中(目前),但它不需要安装,从 GitHub 克隆后可以立即使用。" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "zest.releaser" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__ | `PyPI `__" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -11018,15 +11077,15 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "ensurepip" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" @@ -11034,7 +11093,7 @@ msgstr "" "`文档 `__ | `问题 `__" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -11042,12 +11101,12 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 #, fuzzy msgid "http.server" msgstr "pypiserver" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" @@ -11055,18 +11114,18 @@ msgstr "" ":doc:`Docs ` | :gh:`Issues `" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "venv" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" @@ -11074,7 +11133,7 @@ msgstr "" "`文档 `__ | `问题 `__" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -13126,7 +13185,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -14197,6 +14256,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "技术参数" @@ -14334,7 +14394,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "版本" @@ -15969,6 +16029,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -16140,7 +16496,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 #, fuzzy msgid "Recommendations" msgstr "创建文档" @@ -18033,12 +18389,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "规范化" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -18048,11 +18419,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -18062,7 +18433,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -18070,7 +18441,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -18078,12 +18449,12 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy msgid "Installers" msgstr "安装程序" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -18093,7 +18464,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -18103,14 +18474,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -18120,7 +18491,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -18128,7 +18499,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -18137,38 +18508,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -18179,29 +18550,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -18210,7 +18581,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -18220,49 +18591,49 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy msgid "Clients" msgstr "内容" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -18271,7 +18642,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -18283,7 +18654,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -18293,18 +18664,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -18312,11 +18683,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -18324,7 +18695,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -18334,7 +18705,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -18344,7 +18715,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -18352,28 +18723,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -18382,38 +18753,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "规范化" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -18421,19 +18792,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy msgid "Project List" msgstr "项目" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "示例:" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -18487,7 +18858,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -18587,27 +18958,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -18616,7 +18987,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -18627,7 +18998,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -18691,12 +19070,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "版本" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -18705,65 +19084,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -18771,7 +19150,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -18782,7 +19161,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -18791,33 +19170,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "``$type/$subtype``" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "``$type/*``" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "``*/*``" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -18827,7 +19206,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18837,7 +19216,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18845,7 +19224,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18856,22 +19235,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18880,25 +19259,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18906,13 +19285,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18922,18 +19301,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18941,7 +19320,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18951,7 +19330,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18959,11 +19338,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18974,7 +19353,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18982,7 +19361,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18991,7 +19370,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18999,7 +19378,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -19009,20 +19388,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -19030,7 +19409,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -19039,18 +19418,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -19058,13 +19437,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -19073,23 +19452,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -19098,63 +19477,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -19164,7 +19543,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -19172,7 +19551,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -19181,22 +19560,22 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 #, fuzzy msgid "Additional file information" msgstr "附加工具" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -19208,11 +19587,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -19220,11 +19599,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -19232,7 +19611,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -19241,14 +19620,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "请确保在软件包名称中指定你的用户名!" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "pip应该会安装 TestPyPI 的软件包,输出结果应该是这样的:" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -22741,23 +23126,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "并导入该软件包:" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -22765,28 +23150,28 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 msgid "" "Choose a memorable and unique name for your package. You don't have to " "append your username as you did in the tutorial, but you can't use an " "existing name." msgstr "" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -22794,44 +23179,44 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages \n" "Language-Team: Chinese (Traditional) `__, which provides the basis for " "most of the software in the `scientific Python stack `_ can be configured to interoperate with different FORTRAN " -"libraries, and can take advantage of different levels of vectorised " +"libraries, and can take advantage of different levels of vectorized " "instructions available in modern CPUs." msgstr "" @@ -5173,9 +5173,9 @@ msgid "" "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built " "32-bit and 64-bit binaries in the ``wheel`` format are available for all " "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, " -"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 instructions, " -"so they may not provide optimal linear algebra performance." +"that on Windows, NumPy binaries are linked against the `ATLAS `__ BLAS/LAPACK library, restricted to SSE2 " +"instructions, so they may not provide optimal linear algebra performance." msgstr "" #: ../source/guides/installing-scientific-packages.rst:26 @@ -5288,7 +5288,7 @@ msgid "" msgstr "" #: ../source/guides/installing-scientific-packages.rst:100 -#: ../source/key_projects.rst:808 +#: ../source/key_projects.rst:812 msgid "Spack" msgstr "Spack" @@ -5320,28 +5320,41 @@ msgstr "" #: ../source/guides/installing-scientific-packages.rst:121 msgid "" -"`Anaconda `_ is a Python " +"``conda`` is an open source (BSD licensed) package management system and " +"environment management system that allows users to install multiple versions " +"of binary software packages and their dependencies, and easily switch " +"between them. It is a cross-platform tool working on Windows, MacOS, and " +"Linux. Conda can be used to package up and distribute all kinds of packages, " +"it is not limited to just Python packages. It has full support for native " +"virtual environments. Conda makes environments first-class citizens, making " +"it easy to create independent environments even for C libraries. It is " +"written in Python, but is Python-agnostic. Conda manages Python itself as a " +"package, so that :command:`conda update python` is possible, in contrast to " +"pip, which only manages Python packages." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:133 +msgid "" +"Anaconda `Anaconda `_ is a Python " "distribution published by Anaconda, Inc. It is a stable collection of Open " -"Source packages for big data and scientific use. As of the 5.0 release of " -"Anaconda, about 200 packages are installed by default, and a total of " -"400-500 can be installed and updated from the Anaconda repository." +"Source packages for big data and scientific use, and a collection of " +"Graphical Interface utilities for managing conda environments." msgstr "" -#: ../source/guides/installing-scientific-packages.rst:127 +#: ../source/guides/installing-scientific-packages.rst:135 msgid "" -"``conda`` is an open source (BSD licensed) package management system and " -"environment management system included in Anaconda that allows users to " -"install multiple versions of binary software packages and their " -"dependencies, and easily switch between them. It is a cross-platform tool " -"working on Windows, macOS, and Linux. Conda can be used to package up and " -"distribute all kinds of packages, it is not limited to just Python packages. " -"It has full support for native virtual environments. Conda makes " -"environments first-class citizens, making it easy to create independent " -"environments even for C libraries. It is written in Python, but is Python-" -"agnostic. Conda manages Python itself as a package, so that :command:`conda " -"update python` is possible, in contrast to pip, which only manages Python " -"packages. Conda is available in Anaconda and Miniconda (an easy-to-install " -"download with just Python and conda)." +"In addition to the full distribution provided by Anaconda, the conda package " +"manager itself is available in `miniconda `_, `miniforge `_, and " +"`pixi `_." +msgstr "" + +#: ../source/guides/installing-scientific-packages.rst:138 +msgid "" +"Conda packages are available on multiple channels on Anaconda.org, including " +"the default channel supported by Anaconda, Inc, the community supported " +"conda-forge channel, which provides a wide variety of pre-built packages, " +"and some domain-specific package collections." msgstr "" #: ../source/guides/installing-stand-alone-command-line-tools.rst:4 @@ -8426,29 +8439,51 @@ msgstr "" #: ../source/guides/tool-recommendations.rst:142 msgid "" -"For projects hosted on GitHub, it is recommended to use the :ref:`trusted " -"publishing `, which allows the package to be securely " -"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on " -"software forges other than GitHub.)" +"For projects hosted on or published via supported CI/CD platforms, it is " +"recommended to use the :ref:`Trusted Publishing `, which " +"allows the package to be securely uploaded to PyPI from a CI/CD workflow " +"without a manually configured API token." msgstr "" #: ../source/guides/tool-recommendations.rst:147 msgid "" +"As of November 2024, PyPI supports the following platforms as Trusted " +"Publishing providers:" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:150 +msgid "GitHub Actions (on ``https://github.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:151 +msgid "GitLab CI/CD (on ``https://gitlab.com``)" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:152 +msgid "ActiveState" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:153 +msgid "Google Cloud" +msgstr "" + +#: ../source/guides/tool-recommendations.rst:155 +msgid "" "The other available method is to upload the package manually using :ref:" "`twine`." msgstr "" -#: ../source/guides/tool-recommendations.rst:149 +#: ../source/guides/tool-recommendations.rst:159 msgid "" "**Never** use ``python setup.py upload`` for this task. In addition to " "being :ref:`deprecated `, it is insecure." msgstr "" -#: ../source/guides/tool-recommendations.rst:154 +#: ../source/guides/tool-recommendations.rst:164 msgid "Workflow tools" msgstr "" -#: ../source/guides/tool-recommendations.rst:156 +#: ../source/guides/tool-recommendations.rst:166 msgid "" "These tools are environment managers that automatically manage virtual " "environments for a project. They also act as \"task runners\", allowing you " @@ -8459,31 +8494,31 @@ msgid "" "alphabetical order:" msgstr "" -#: ../source/guides/tool-recommendations.rst:164 +#: ../source/guides/tool-recommendations.rst:174 msgid ":ref:`Flit`," msgstr ":ref:`Flit`," -#: ../source/guides/tool-recommendations.rst:165 +#: ../source/guides/tool-recommendations.rst:175 msgid ":ref:`Hatch`," msgstr ":ref:`Hatch`," -#: ../source/guides/tool-recommendations.rst:166 +#: ../source/guides/tool-recommendations.rst:176 msgid ":doc:`nox `," msgstr "" -#: ../source/guides/tool-recommendations.rst:167 +#: ../source/guides/tool-recommendations.rst:177 msgid ":ref:`PDM`," msgstr ":ref:`PDM`," -#: ../source/guides/tool-recommendations.rst:168 +#: ../source/guides/tool-recommendations.rst:178 msgid ":ref:`Pipenv`," msgstr ":ref:`Pipenv`," -#: ../source/guides/tool-recommendations.rst:169 +#: ../source/guides/tool-recommendations.rst:179 msgid ":ref:`Poetry`," msgstr ":ref:`Poetry`," -#: ../source/guides/tool-recommendations.rst:170 +#: ../source/guides/tool-recommendations.rst:180 msgid ":doc:`tox `." msgstr "" @@ -9660,44 +9695,58 @@ msgstr "" #: ../source/key_projects.rst:407 msgid "" -"conda is the package management tool for `Anaconda `__ Python installations. Anaconda Python is a distribution " -"from `Anaconda, Inc `__ " -"specifically aimed at the scientific community, and in particular on Windows " -"where the installation of binary extensions is often difficult." +"Conda is a package, dependency, and environment management system for any " +"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in " +"Python and widely used in the Python scientific computing community, due to " +"its support for non-Python compiled libraries and extensions. It is used as " +"the basis of the `Anaconda `__ Python " +"distribution from Anaconda, Inc. It was originally aimed at the scientific " +"community, but can also be used on its own, or with the :doc:`miniconda " +"`, `miniforge `_ " +"or `pixi `_ systems. It is available for Windows, Mac and " +"Linux systems." msgstr "" -#: ../source/key_projects.rst:414 +#: ../source/key_projects.rst:416 msgid "" "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, " -"but provides many of their combined features in terms of package management, " -"virtual environment management and deployment of binary extensions." +"but provides many of their combined features, such as package management, " +"virtual environment management and deployment of binary extensions and other " +"binary code." +msgstr "" + +#: ../source/key_projects.rst:420 +msgid "" +"Conda does not install packages from PyPI -- it can only manage packages " +"built specifically for conda, which can be made available on a \"conda " +"channel\", such as those hosted on `anaconda.org `__, " +"or a local (e.g. intranet) package server. In addition to the \"default\" " +"channels managed by `Anaconda, Inc. `__, there " +"are a wide variety of packages from the community supported `conda-forge " +"project `__" msgstr "" -#: ../source/key_projects.rst:418 +#: ../source/key_projects.rst:426 msgid "" -"Conda does not install packages from PyPI and can install only from the " -"official Anaconda repositories, or anaconda.org (a place for user-" -"contributed *conda* packages), or a local (e.g. intranet) package server. " -"However, note that :ref:`pip` can be installed into, and work side-by-side " -"with conda for managing :term:`distributions ` from " -"PyPI. Also, `conda skeleton `__ is a tool to make " -"Python packages installable by conda by first fetching them from PyPI and " -"modifying their metadata." +"Note that :ref:`pip` can be installed into, and work side-by-side with conda " +"for managing :term:`distributions ` from PyPI. It is " +"also possible to build conda packages from Python source packages using " +"tools such as `conda skeleton `__: a tool to " +"automatically make conda packages from Python packages available on PyPI." msgstr "" -#: ../source/key_projects.rst:431 +#: ../source/key_projects.rst:435 msgid "devpi" msgstr "" -#: ../source/key_projects.rst:433 +#: ../source/key_projects.rst:437 msgid "" "`Docs `__ | :gh:`Issues ` " "| `PyPI `__" msgstr "" -#: ../source/key_projects.rst:437 +#: ../source/key_projects.rst:441 msgid "" "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a " "complementary command line tool to drive packaging, testing and release " @@ -9707,17 +9756,17 @@ msgid "" "replication and fail-over, and package upload." msgstr "" -#: ../source/key_projects.rst:448 +#: ../source/key_projects.rst:452 msgid "dumb-pypi" msgstr "" -#: ../source/key_projects.rst:450 +#: ../source/key_projects.rst:454 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:453 +#: ../source/key_projects.rst:457 msgid "" "dumb-pypi is a simple :term:`package index ` static file site " "generator, which then must be hosted by a static file webserver to become " @@ -9725,17 +9774,17 @@ msgid "" "status." msgstr "" -#: ../source/key_projects.rst:460 +#: ../source/key_projects.rst:464 msgid "enscons" msgstr "" -#: ../source/key_projects.rst:462 +#: ../source/key_projects.rst:466 msgid "" ":gh:`Source ` | :gh:`Issues ` | `PyPI " "`__" msgstr "" -#: ../source/key_projects.rst:466 +#: ../source/key_projects.rst:470 msgid "" "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-" "compatible source distributions and wheels without using distutils or " @@ -9747,38 +9796,38 @@ msgid "" "independent of enscons." msgstr "" -#: ../source/key_projects.rst:481 +#: ../source/key_projects.rst:485 msgid "Flask-Pypi-Proxy" msgstr "" -#: ../source/key_projects.rst:483 +#: ../source/key_projects.rst:487 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:487 ../source/key_projects.rst:681 -#: ../source/key_projects.rst:740 +#: ../source/key_projects.rst:491 ../source/key_projects.rst:685 +#: ../source/key_projects.rst:744 msgid "Not maintained, project archived" msgstr "" -#: ../source/key_projects.rst:489 +#: ../source/key_projects.rst:493 msgid "" "Flask-Pypi-Proxy is a :term:`package index ` as a cached " "proxy for PyPI." msgstr "" -#: ../source/key_projects.rst:495 +#: ../source/key_projects.rst:499 msgid "Hashdist" msgstr "" -#: ../source/key_projects.rst:497 +#: ../source/key_projects.rst:501 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:500 +#: ../source/key_projects.rst:504 msgid "" "Hashdist is a library for building non-root software distributions. Hashdist " "is trying to be “the Debian of choice for cases where Debian technology " @@ -9789,34 +9838,34 @@ msgid "" "researchers but has been lacking in maintenance since 2016." msgstr "" -#: ../source/key_projects.rst:512 +#: ../source/key_projects.rst:516 msgid "Maturin" msgstr "" -#: ../source/key_projects.rst:514 +#: ../source/key_projects.rst:518 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:517 +#: ../source/key_projects.rst:521 msgid "" "Maturin is a build backend for Rust extension modules, also written in Rust. " "It supports building wheels for python 3.7+ on Windows, Linux, macOS and " "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support." msgstr "" -#: ../source/key_projects.rst:525 +#: ../source/key_projects.rst:529 msgid "meson-python" msgstr "" -#: ../source/key_projects.rst:527 +#: ../source/key_projects.rst:531 msgid "" "`Docs `__ | `GitHub `__" msgstr "" -#: ../source/key_projects.rst:530 +#: ../source/key_projects.rst:534 msgid "" "``meson-python`` is a build backend that uses the Meson_ build system. It " "enables Python package authors to use Meson_ as the build system for their " @@ -9824,58 +9873,58 @@ msgid "" "to fill the needs of most complex build configurations." msgstr "" -#: ../source/key_projects.rst:540 +#: ../source/key_projects.rst:544 msgid "multibuild" msgstr "" -#: ../source/key_projects.rst:542 +#: ../source/key_projects.rst:546 msgid "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:544 +#: ../source/key_projects.rst:548 msgid "" "Multibuild is a set of CI scripts for building and testing Python :term:" "`wheels ` for Linux, macOS, and (less flexibly) Windows. Also see :" "ref:`cibuildwheel`." msgstr "" -#: ../source/key_projects.rst:550 +#: ../source/key_projects.rst:554 msgid "nginx_pypi_cache" msgstr "" -#: ../source/key_projects.rst:552 +#: ../source/key_projects.rst:556 msgid ":gh:`GitHub `" msgstr "" -#: ../source/key_projects.rst:554 +#: ../source/key_projects.rst:558 msgid "" "nginx_pypi_cache is a :term:`package index ` caching proxy " "using `nginx `_." msgstr "" -#: ../source/key_projects.rst:560 +#: ../source/key_projects.rst:564 msgid "pdm" msgstr "" -#: ../source/key_projects.rst:562 +#: ../source/key_projects.rst:566 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:566 +#: ../source/key_projects.rst:570 msgid "" "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to " "store project metadata as defined in :pep:`621`." msgstr "" -#: ../source/key_projects.rst:574 +#: ../source/key_projects.rst:578 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:578 +#: ../source/key_projects.rst:582 msgid "" "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, " "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files " @@ -9887,18 +9936,18 @@ msgid "" "PEX file into a standard venv, graphing dependencies and more." msgstr "" -#: ../source/key_projects.rst:590 +#: ../source/key_projects.rst:594 msgid "pip-tools" msgstr "" -#: ../source/key_projects.rst:592 +#: ../source/key_projects.rst:596 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:596 +#: ../source/key_projects.rst:600 msgid "" "pip-tools is a suite of tools meant for Python system administrators and " "release managers who particularly want to keep their builds deterministic " @@ -9909,32 +9958,32 @@ msgid "" "not provide), and create layers of constraints for the program to obey." msgstr "" -#: ../source/key_projects.rst:608 +#: ../source/key_projects.rst:612 msgid "pip2pi" msgstr "" -#: ../source/key_projects.rst:610 +#: ../source/key_projects.rst:614 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:613 +#: ../source/key_projects.rst:617 msgid "" "pip2pi is a :term:`package index ` server where specific " "packages are manually synchronised." msgstr "" -#: ../source/key_projects.rst:619 +#: ../source/key_projects.rst:623 msgid "piwheels" msgstr "" -#: ../source/key_projects.rst:621 +#: ../source/key_projects.rst:625 msgid "" "`Website `__ | :doc:`Docs ` | " "`GitHub `__" msgstr "" -#: ../source/key_projects.rst:625 +#: ../source/key_projects.rst:629 msgid "" "piwheels is a website, and software underpinning it, that fetches source " "code distribution packages from PyPI and compiles them into binary wheels " @@ -9942,17 +9991,17 @@ msgid "" "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI." msgstr "" -#: ../source/key_projects.rst:634 +#: ../source/key_projects.rst:638 msgid "poetry" msgstr "" -#: ../source/key_projects.rst:636 +#: ../source/key_projects.rst:640 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:640 +#: ../source/key_projects.rst:644 msgid "" "poetry is a command-line tool to handle dependency installation and " "isolation as well as building and packaging of Python packages. It uses " @@ -9962,49 +10011,49 @@ msgid "" "caching metadata about dependencies." msgstr "" -#: ../source/key_projects.rst:650 +#: ../source/key_projects.rst:654 msgid "proxpi" msgstr "" -#: ../source/key_projects.rst:652 +#: ../source/key_projects.rst:656 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:655 +#: ../source/key_projects.rst:659 msgid "" "proxpi is a simple :term:`package index ` which proxies PyPI " "and other indexes with caching." msgstr "" -#: ../source/key_projects.rst:661 +#: ../source/key_projects.rst:665 msgid "Pulp-python" msgstr "" -#: ../source/key_projects.rst:663 +#: ../source/key_projects.rst:667 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:667 +#: ../source/key_projects.rst:671 msgid "" "Pulp-python is the Python :term:`package index ` plugin for " "`Pulp `_. Pulp-python supports mirrors backed by " "local or `AWS S3`_, package upload, and proxying to multiple package indexes." msgstr "" -#: ../source/key_projects.rst:675 +#: ../source/key_projects.rst:679 msgid "PyPI Cloud" msgstr "" -#: ../source/key_projects.rst:677 +#: ../source/key_projects.rst:681 msgid "" "`Docs `__ | :gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:683 +#: ../source/key_projects.rst:687 msgid "" "PyPI Cloud is a :term:`package index ` server, backed by `AWS " "S3`_ or another cloud storage service, or local files. PyPI Cloud supports " @@ -10012,33 +10061,33 @@ msgid "" "authorisation." msgstr "" -#: ../source/key_projects.rst:691 +#: ../source/key_projects.rst:695 msgid "pypiprivate" msgstr "" -#: ../source/key_projects.rst:693 +#: ../source/key_projects.rst:697 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:696 +#: ../source/key_projects.rst:700 msgid "" "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :" "term:`package index `." msgstr "" -#: ../source/key_projects.rst:702 +#: ../source/key_projects.rst:706 msgid "pypiserver" msgstr "" -#: ../source/key_projects.rst:704 +#: ../source/key_projects.rst:708 msgid "" "`GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:707 +#: ../source/key_projects.rst:711 msgid "" "pypiserver is a minimalist application that serves as a private Python :term:" "`package index ` (from a local directory) within " @@ -10049,17 +10098,17 @@ msgid "" "pypiserver and from PyPI." msgstr "" -#: ../source/key_projects.rst:718 +#: ../source/key_projects.rst:722 msgid "PyScaffold" msgstr "" -#: ../source/key_projects.rst:720 +#: ../source/key_projects.rst:724 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:724 +#: ../source/key_projects.rst:728 msgid "" "PyScaffold is a project generator for bootstrapping Python packages, ready " "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of " @@ -10069,33 +10118,33 @@ msgid "" "existing projects to make packaging easier." msgstr "" -#: ../source/key_projects.rst:735 +#: ../source/key_projects.rst:739 msgid "pywharf" msgstr "" -#: ../source/key_projects.rst:737 +#: ../source/key_projects.rst:741 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:742 +#: ../source/key_projects.rst:746 msgid "" "pywharf is a :term:`package index ` server, serving files " "locally or from `GitHub `_." msgstr "" -#: ../source/key_projects.rst:748 +#: ../source/key_projects.rst:752 msgid "scikit-build" msgstr "" -#: ../source/key_projects.rst:750 +#: ../source/key_projects.rst:754 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:754 +#: ../source/key_projects.rst:758 msgid "" "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/" "Fortran/Cython extensions It uses `cmake `__ " @@ -10106,18 +10155,18 @@ msgid "" "ninja>`__ (also available on PyPI)." msgstr "" -#: ../source/key_projects.rst:765 +#: ../source/key_projects.rst:769 msgid "scikit-build-core" msgstr "" -#: ../source/key_projects.rst:767 +#: ../source/key_projects.rst:771 msgid "" "`Docs `__ | `GitHub " "`__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:771 +#: ../source/key_projects.rst:775 msgid "" "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython " "extensions. It enables users to write extensions with `cmake `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:787 +#: ../source/key_projects.rst:791 msgid "" "shiv is a command line utility for building fully self contained Python " "zipapps as outlined in :pep:`441`, but with all their dependencies included. " @@ -10145,17 +10194,17 @@ msgid "" "tools fast & easy." msgstr "" -#: ../source/key_projects.rst:795 +#: ../source/key_projects.rst:799 msgid "simpleindex" msgstr "" -#: ../source/key_projects.rst:797 +#: ../source/key_projects.rst:801 msgid "" ":gh:`GitHub ` | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:800 +#: ../source/key_projects.rst:804 msgid "" "simpleindex is a :term:`package index ` which routes URLs to " "multiple package indexes (including PyPI), serves local (or cloud-hosted, " @@ -10163,7 +10212,7 @@ msgid "" "supports custom plugins." msgstr "" -#: ../source/key_projects.rst:810 +#: ../source/key_projects.rst:814 msgid "" ":doc:`Docs ` | `GitHub `__ | " "`Paper `__" msgstr "" -#: ../source/key_projects.rst:815 +#: ../source/key_projects.rst:819 msgid "" "A flexible package manager designed to support multiple versions, " "configurations, platforms, and compilers. Spack is like Homebrew, but " @@ -10182,24 +10231,24 @@ msgid "" "supercomputers." msgstr "" -#: ../source/key_projects.rst:823 +#: ../source/key_projects.rst:827 msgid "" "Spack is not in PyPI (yet), but it requires no installation and can be used " "immediately after cloning from GitHub." msgstr "" -#: ../source/key_projects.rst:829 +#: ../source/key_projects.rst:833 msgid "zest.releaser" msgstr "" -#: ../source/key_projects.rst:831 +#: ../source/key_projects.rst:835 msgid "" "`Docs `__ | `GitHub `__ | `PyPI `__" msgstr "" -#: ../source/key_projects.rst:835 +#: ../source/key_projects.rst:839 msgid "" "``zest.releaser`` is a Python package release tool providing an abstraction " "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to " @@ -10207,21 +10256,21 @@ msgid "" "releases in source control, and uploading new packages to PyPI." msgstr "" -#: ../source/key_projects.rst:842 +#: ../source/key_projects.rst:846 msgid "Standard Library Projects" msgstr "" -#: ../source/key_projects.rst:847 +#: ../source/key_projects.rst:851 msgid "ensurepip" msgstr "" -#: ../source/key_projects.rst:849 +#: ../source/key_projects.rst:853 msgid "" "`Docs `__ | `Issues " "`__" msgstr "" -#: ../source/key_projects.rst:852 +#: ../source/key_projects.rst:856 msgid "" "A package in the Python Standard Library that provides support for " "bootstrapping :ref:`pip` into an existing Python installation or virtual " @@ -10229,34 +10278,34 @@ msgid "" "will be used during the build of the Python distribution." msgstr "" -#: ../source/key_projects.rst:860 +#: ../source/key_projects.rst:864 msgid "http.server" msgstr "" -#: ../source/key_projects.rst:862 +#: ../source/key_projects.rst:866 msgid "" ":doc:`Docs ` | :gh:`Issues `" msgstr "" -#: ../source/key_projects.rst:865 +#: ../source/key_projects.rst:869 msgid "" "A package and command-line interface which can host a directory as a " "website, for example as a :term:`package index ` (see :ref:" "`Hosting your Own Simple Repository`)." msgstr "" -#: ../source/key_projects.rst:872 +#: ../source/key_projects.rst:876 msgid "venv" msgstr "" -#: ../source/key_projects.rst:874 +#: ../source/key_projects.rst:878 msgid "" "`Docs `__ | `Issues `__" msgstr "" -#: ../source/key_projects.rst:877 +#: ../source/key_projects.rst:881 msgid "" "A package in the Python Standard Library (starting with Python 3.3) for " "creating :term:`Virtual Environments `. For more " @@ -12307,7 +12356,7 @@ msgstr "" #: ../source/specifications/platform-compatibility-tags.rst:332 #: ../source/specifications/pyproject-toml.rst:444 #: ../source/specifications/recording-installed-packages.rst:252 -#: ../source/specifications/simple-repository-api.rst:974 +#: ../source/specifications/simple-repository-api.rst:988 #: ../source/specifications/source-distribution-format.rst:144 #: ../source/specifications/version-specifiers.rst:1266 #: ../source/specifications/virtual-environments.rst:54 @@ -13377,6 +13426,7 @@ msgstr "" #: ../source/specifications/dependency-specifiers.rst:26 #: ../source/specifications/direct-url-data-structure.rst:19 #: ../source/specifications/direct-url.rst:15 +#: ../source/specifications/index-hosted-attestations.rst:17 #: ../source/specifications/inline-script-metadata.rst:13 msgid "Specification" msgstr "規格" @@ -13514,7 +13564,7 @@ msgid "" msgstr "" #: ../source/specifications/dependency-specifiers.rst:163 -#: ../source/specifications/simple-repository-api.rst:888 +#: ../source/specifications/simple-repository-api.rst:902 msgid "Versions" msgstr "版本" @@ -15142,6 +15192,302 @@ msgid "" "www.pypa.io/en/latest/specifications/>`__." msgstr "" +#: ../source/specifications/index-hosted-attestations.rst:6 +msgid "Index hosted attestations" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:8 +msgid "This specification was originally defined in :pep:`740`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:12 +msgid "" +":pep:`740` includes changes to the HTML and JSON index APIs. These changes " +"are documented in the :ref:`simple-repository-api` under :ref:`simple-" +"repository-api-base` and :ref:`json-serialization`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:22 +msgid "Upload endpoint changes" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:26 +msgid "" +"The \"legacy\" upload API is not standardized. See `PyPI's Upload API " +"documentation `_ for how attestations are " +"uploaded." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:33 +msgid "Attestation objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:35 +msgid "" +"An attestation object is a JSON object with several required keys; " +"applications or signers may include additional keys so long as all " +"explicitly listed keys are provided. The required layout of an attestation " +"object is provided as pseudocode below." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:88 +msgid "" +"A full data model for each object in ``transparency_entries`` is provided " +"in :ref:`appendix`. Attestation objects **SHOULD** include one or more " +"transparency log entries, and **MAY** include additional keys for other " +"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a " +"`Roughtime `__ server)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:94 +msgid "" +"Attestation objects are versioned; this PEP specifies version 1. Each " +"version is tied to a single cryptographic suite to minimize unnecessary " +"cryptographic agility. In version 1, the suite is as follows:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:98 +msgid "" +"Certificates are specified as X.509 certificates, and comply with the " +"profile in :rfc:`5280`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:100 +msgid "" +"The message signature algorithm is ECDSA, with the P-256 curve for public " +"keys and SHA-256 as the cryptographic digest function." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:103 +msgid "" +"Future PEPs may change this suite (and the overall shape of the attestation " +"object) by selecting a new version number." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:109 +msgid "Attestation statement and signature generation" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:111 +msgid "" +"The *attestation statement* is the actual claim that is cryptographically " +"signed over within the attestation object (i.e., the ``envelope.statement``)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:114 +msgid "" +"The attestation statement is encoded as a `v1 in-toto Statement object " +"`__, in JSON form. When serialized the statement is treated as an opaque " +"binary blob, avoiding the need for canonicalization." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:119 +msgid "" +"In addition to being a v1 in-toto Statement, the attestation statement is " +"constrained in the following ways:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:122 +msgid "The in-toto ``subject`` **MUST** contain only a single subject." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:123 +msgid "" +"``subject[0].name`` is the distribution's filename, which **MUST** be a " +"valid :ref:`source distribution ` or :ref:`wheel " +"distribution ` filename." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:126 +msgid "" +"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests " +"**MAY** be present. The digests **MUST** be represented as hexadecimal " +"strings." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:128 +msgid "The following ``predicateType`` values are supported:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:130 +msgid "" +"`SLSA Provenance `__: ``https://slsa.dev/" +"provenance/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:131 +msgid "" +"`PyPI Publish Attestation `__: ``https://docs.pypi.org/attestations/publish/v1``" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:133 +msgid "" +"The signature over this statement is constructed using the `v1 DSSE " +"signature protocol `__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` " +"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other " +"``PAYLOAD_TYPE`` is permitted." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:141 +msgid "Provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:143 +msgid "" +"The index will serve uploaded attestations along with metadata that can " +"assist in verifying them in the form of JSON serialized objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:146 +msgid "" +"These *provenance objects* will be available via both the Simple Index and " +"JSON-based Simple API as described above, and will have the following layout:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:169 +msgid "or, as pseudocode:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:217 +msgid "" +"``version`` is ``1``. Like attestation objects, provenance objects are " +"versioned, and this PEP only defines version ``1``." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:219 +msgid "" +"``attestation_bundles`` is a **required** JSON array, containing one or more " +"\"bundles\" of attestations. Each bundle corresponds to a signing identity " +"(such as a Trusted Publishing identity), and contains one or more " +"attestation objects." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:224 +msgid "" +"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` " +"object is specific to its Trusted Publisher but must include at minimum:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:228 +msgid "" +"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the " +"kind of Trusted Publisher." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:230 +msgid "" +"A ``claims`` key, which **MUST** be a JSON object containing any context-" +"specific claims retained by the index during Trusted Publisher " +"authentication." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:233 +msgid "All other keys in the publisher object are publisher-specific." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:235 +msgid "" +"Each array of attestation objects is a superset of the ``attestations`` " +"array supplied by the uploaded through the ``attestations`` field at upload " +"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-" +"objects`." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:243 +msgid "Changes to provenance objects" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:245 +msgid "" +"Provenance objects are *not* immutable, and may change over time. Reasons " +"for changes to the provenance object include but are not limited to:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:248 +msgid "" +"Addition of new attestations for a pre-existing signing identity: the index " +"**MAY** choose to allow additional attestations by pre-existing signing " +"identities, such as newer attestation versions for already uploaded files." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:253 +msgid "" +"Addition of new signing identities and associated attestations: the index " +"**MAY** choose to support attestations from sources other than the file's " +"uploader, such as third-party auditors or the index itself. These " +"attestations may be performed asynchronously, requiring the index to insert " +"them into the provenance object *post facto*." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:262 +msgid "Attestation verification" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:264 +msgid "" +"Verifying an attestation object against a distribution file requires " +"verification of each of the following:" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:267 +msgid "``version`` is ``1``. The verifier **MUST** reject any other version." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:268 +msgid "" +"``verification_material.certificate`` is a valid signing certificate, as " +"issued by an *a priori* trusted authority (such as a root of trust already " +"present within the verifying client)." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:271 +msgid "" +"``verification_material.certificate`` identifies an appropriate signing " +"subject, such as the machine identity of the Trusted Publisher that " +"published the package." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:274 +msgid "" +"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and " +"digest that **MUST** match the distribution's filename and contents. For the " +"distribution's filename, matching **MUST** be performed by parsing using the " +"appropriate source distribution or wheel filename format, as the statement's " +"subject may be equivalent but normalized." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:279 +msgid "" +"``envelope.signature`` is a valid signature for ``envelope.statement`` " +"corresponding to ``verification_material.certificate``, as reconstituted via " +"the `v1 DSSE signature protocol `__." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:284 +msgid "" +"In addition to the above required steps, a verifier **MAY** additionally " +"verify ``verification_material.transparency_entries`` on a policy basis, e." +"g. requiring at least one transparency log entry or a threshold of entries. " +"When verifying transparency entries, the verifier **MUST** confirm that the " +"inclusion time for each entry lies within the signing certificate's validity " +"period." +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:293 +msgid "Appendix: Data models for Transparency Log Entries" +msgstr "" + +#: ../source/specifications/index-hosted-attestations.rst:295 +msgid "" +"This appendix contains pseudocoded data models for transparency log entries " +"in attestation objects. Each transparency log entry serves as a source of " +"signed inclusion time, and can be verified either online or offline." +msgstr "" + #: ../source/specifications/inline-script-metadata.rst:5 msgid "Inline script metadata" msgstr "" @@ -15314,7 +15660,7 @@ msgid "" msgstr "" #: ../source/specifications/inline-script-metadata.rst:205 -#: ../source/specifications/simple-repository-api.rst:815 +#: ../source/specifications/simple-repository-api.rst:829 msgid "Recommendations" msgstr "" @@ -17206,12 +17552,27 @@ msgid "" "``>``, respectively." msgstr "" -#: ../source/specifications/simple-repository-api.rst:100 +#: ../source/specifications/simple-repository-api.rst:99 +msgid "" +"A repository **MAY** include a ``data-provenance`` attribute on a file link. " +"The value of this attribute **MUST** be a fully qualified URL, signaling " +"that the file's provenance can be found at that URL. This URL **MUST** " +"represent a `secure origin `_." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:106 +msgid "" +"The format of the linked provenance is defined in :ref:`index-hosted-" +"attestations`." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:109 #, fuzzy msgid "Normalized Names" msgstr "翻譯" -#: ../source/specifications/simple-repository-api.rst:102 +#: ../source/specifications/simple-repository-api.rst:111 msgid "" "This spec references the concept of a \"normalized\" project name. As per :" "ref:`the name normalization specification ` the only " @@ -17221,11 +17582,11 @@ msgid "" "implemented in Python with the ``re`` module::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:117 +#: ../source/specifications/simple-repository-api.rst:126 msgid "Adding \"Yank\" Support to the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:119 +#: ../source/specifications/simple-repository-api.rst:128 msgid "" "Links in the simple repository **MAY** have a ``data-yanked`` attribute " "which may have no value, or may have an arbitrary string as a value. The " @@ -17235,7 +17596,7 @@ msgid "" "under specific scenarios." msgstr "" -#: ../source/specifications/simple-repository-api.rst:126 +#: ../source/specifications/simple-repository-api.rst:135 msgid "" "The value of the ``data-yanked`` attribute, if present, is an arbitrary " "string that represents the reason for why the file has been yanked. Tools " @@ -17243,7 +17604,7 @@ msgid "" "users." msgstr "" -#: ../source/specifications/simple-repository-api.rst:131 +#: ../source/specifications/simple-repository-api.rst:140 msgid "" "The yanked attribute is not immutable once set, and may be rescinded in the " "future (and once rescinded, may be reset as well). Thus API users **MUST** " @@ -17251,12 +17612,12 @@ msgid "" "again)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:138 +#: ../source/specifications/simple-repository-api.rst:147 #, fuzzy msgid "Installers" msgstr "安裝軟體套件" -#: ../source/specifications/simple-repository-api.rst:140 +#: ../source/specifications/simple-repository-api.rst:149 msgid "" "The desirable experience for users is that once a file is yanked, when a " "human being is currently trying to directly install a yanked file, that it " @@ -17266,7 +17627,7 @@ msgid "" "been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:147 +#: ../source/specifications/simple-repository-api.rst:156 msgid "" "An installer **MUST** ignore yanked releases, if the selection constraints " "can be satisfied with a non-yanked version, and **MAY** refuse to use a " @@ -17276,14 +17637,14 @@ msgid "" "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:154 +#: ../source/specifications/simple-repository-api.rst:163 msgid "" "What this means is left up to the specific installer, to decide how to best " "fit into the overall usage of their installer. However, there are two " "suggested approaches to take:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:158 +#: ../source/specifications/simple-repository-api.rst:167 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "a version specifier that \"pins\" to an exact version using either ``==`` " @@ -17293,7 +17654,7 @@ msgid "" "versions, zero padding, etc." msgstr "" -#: ../source/specifications/simple-repository-api.rst:165 +#: ../source/specifications/simple-repository-api.rst:174 msgid "" "Yanked files are always ignored, unless they are the only file that matches " "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to " @@ -17301,7 +17662,7 @@ msgid "" "creating or updating a lock file from some input file or command." msgstr "" -#: ../source/specifications/simple-repository-api.rst:171 +#: ../source/specifications/simple-repository-api.rst:180 msgid "" "Regardless of the specific strategy that an installer chooses for deciding " "when to install yanked files, an installer **SHOULD** emit a warning when it " @@ -17310,38 +17671,38 @@ msgid "" "specific feedback to the user about why that file had been yanked." msgstr "" -#: ../source/specifications/simple-repository-api.rst:179 +#: ../source/specifications/simple-repository-api.rst:188 msgid "Mirrors" msgstr "" -#: ../source/specifications/simple-repository-api.rst:181 +#: ../source/specifications/simple-repository-api.rst:190 msgid "Mirrors can generally treat yanked files one of two ways:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:183 +#: ../source/specifications/simple-repository-api.rst:192 msgid "" "They may choose to omit them from their simple repository API completely, " "providing a view over the repository that shows only \"active\", unyanked " "files." msgstr "" -#: ../source/specifications/simple-repository-api.rst:186 +#: ../source/specifications/simple-repository-api.rst:195 msgid "" "They may choose to include yanked files, and additionally mirror the ``data-" "yanked`` attribute as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:189 +#: ../source/specifications/simple-repository-api.rst:198 msgid "" "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-" "yanked`` attribute for it." msgstr "" -#: ../source/specifications/simple-repository-api.rst:195 +#: ../source/specifications/simple-repository-api.rst:204 msgid "Versioning PyPI's Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:197 +#: ../source/specifications/simple-repository-api.rst:206 msgid "" "This spec proposes the inclusion of a meta tag on the responses of every " "successful request to a simple API page, which contains a name attribute of " @@ -17352,29 +17713,29 @@ msgid "" "`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:205 +#: ../source/specifications/simple-repository-api.rst:214 msgid "This would end up looking like::" msgstr "" -#: ../source/specifications/simple-repository-api.rst:209 +#: ../source/specifications/simple-repository-api.rst:218 msgid "When interpreting the repository version:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:211 +#: ../source/specifications/simple-repository-api.rst:220 msgid "" "Incrementing the major version is used to signal a backwards incompatible " "change such that existing clients would no longer be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:214 +#: ../source/specifications/simple-repository-api.rst:223 msgid "" "Incrementing the minor version is used to signal a backwards compatible " "change such that existing clients would still be expected to be able to " "meaningfully use the API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:218 +#: ../source/specifications/simple-repository-api.rst:227 msgid "" "It is left up to the discretion of any future specs as to what specifically " "constitutes a backwards incompatible vs compatible change beyond the broad " @@ -17383,7 +17744,7 @@ msgid "" "features." msgstr "" -#: ../source/specifications/simple-repository-api.rst:224 +#: ../source/specifications/simple-repository-api.rst:233 msgid "" "It is expectation of this spec that the major version will never be " "incremented, and any future major API evolutions would utilize a different " @@ -17393,50 +17754,50 @@ msgid "" "set to a version >= 2)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:231 +#: ../source/specifications/simple-repository-api.rst:240 msgid "" "This spec sets the current API version to \"1.0\", and expects that future " "specs that further evolve the simple API will increment the minor version " "number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:237 -#: ../source/specifications/simple-repository-api.rst:957 +#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:971 #, fuzzy #| msgid "Contents" msgid "Clients" msgstr "内容" -#: ../source/specifications/simple-repository-api.rst:239 +#: ../source/specifications/simple-repository-api.rst:248 msgid "" "Clients interacting with the simple API **SHOULD** introspect each response " "for the repository version, and if that data does not exist **MUST** assume " "that it is version 1.0." msgstr "" -#: ../source/specifications/simple-repository-api.rst:243 +#: ../source/specifications/simple-repository-api.rst:252 msgid "" "When encountering a major version greater than expected, clients **MUST** " "hard fail with an appropriate error message for the user." msgstr "" -#: ../source/specifications/simple-repository-api.rst:246 +#: ../source/specifications/simple-repository-api.rst:255 msgid "" "When encountering a minor version greater than expected, clients **SHOULD** " "warn users with an appropriate message." msgstr "" -#: ../source/specifications/simple-repository-api.rst:249 +#: ../source/specifications/simple-repository-api.rst:258 msgid "" "Clients **MAY** still continue to use feature detection in order to " "determine what features a repository uses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:255 +#: ../source/specifications/simple-repository-api.rst:264 msgid "Serve Distribution Metadata in the Simple Repository API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:257 +#: ../source/specifications/simple-repository-api.rst:266 msgid "" "In a simple repository's project page, each anchor tag pointing to a " "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The " @@ -17445,7 +17806,7 @@ msgid "" "when the distribution is processed and/or installed." msgstr "" -#: ../source/specifications/simple-repository-api.rst:263 +#: ../source/specifications/simple-repository-api.rst:272 msgid "" "If a ``data-dist-info-metadata`` attribute is present, the repository " "**MUST** serve the distribution's Core Metadata file alongside the " @@ -17457,7 +17818,7 @@ msgid "" "GPG signature file's location." msgstr "" -#: ../source/specifications/simple-repository-api.rst:272 +#: ../source/specifications/simple-repository-api.rst:281 msgid "" "The repository **SHOULD** provide the hash of the Core Metadata file as the " "``data-dist-info-metadata`` attribute's value using the syntax " @@ -17467,18 +17828,18 @@ msgid "" "unavailable." msgstr "" -#: ../source/specifications/simple-repository-api.rst:280 +#: ../source/specifications/simple-repository-api.rst:289 msgid "Backwards Compatibility" msgstr "" -#: ../source/specifications/simple-repository-api.rst:282 +#: ../source/specifications/simple-repository-api.rst:291 msgid "" "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are " "expected to revert to their current behaviour of downloading the " "distribution to inspect the metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:286 +#: ../source/specifications/simple-repository-api.rst:295 msgid "" "Older tools not supporting the new ``data-dist-info-metadata`` attribute are " "expected to ignore the attribute and maintain their current behaviour of " @@ -17486,11 +17847,11 @@ msgid "" "prior ``data-`` attribute additions expect existing tools to operate." msgstr "" -#: ../source/specifications/simple-repository-api.rst:295 +#: ../source/specifications/simple-repository-api.rst:304 msgid "JSON-based Simple API for Python Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:297 +#: ../source/specifications/simple-repository-api.rst:306 msgid "" "To enable response parsing with only the standard library, this spec " "specifies that all responses (besides the files themselves, and the HTML " @@ -17498,7 +17859,7 @@ msgid "" "base>`) should be serialized using `JSON `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:302 +#: ../source/specifications/simple-repository-api.rst:311 msgid "" "To enable zero configuration discovery and to minimize the amount of " "additional HTTP requests, this spec extends :ref:`the base HTML API " @@ -17508,7 +17869,7 @@ msgid "" "format to serve, i.e. either HTML or JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:312 +#: ../source/specifications/simple-repository-api.rst:321 msgid "" "Versioning will adhere to :ref:`the API versioning specification ` format (``Major.Minor``), which has defined the " @@ -17518,7 +17879,7 @@ msgid "" "``1.0`` version, and instead just describes how to serialize that into JSON." msgstr "" -#: ../source/specifications/simple-repository-api.rst:319 +#: ../source/specifications/simple-repository-api.rst:328 msgid "" "Similar to :ref:`the API versioning specification `, the major version number **MUST** be incremented if any " @@ -17526,28 +17887,28 @@ msgid "" "existing clients to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:325 +#: ../source/specifications/simple-repository-api.rst:334 msgid "" "Likewise, the minor version **MUST** be incremented if features are added or " "removed from the format, but existing clients would be expected to continue " "to meaningfully understand the format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:329 +#: ../source/specifications/simple-repository-api.rst:338 msgid "" "Changes that would not result in existing clients being unable to " "meaningfully understand the format and which do not represent features being " "added or removed may occur without changing the version number." msgstr "" -#: ../source/specifications/simple-repository-api.rst:333 +#: ../source/specifications/simple-repository-api.rst:342 msgid "" "This is intentionally vague, as this spec believes it is best left up to " "future specs that make any changes to the API to investigate and decide " "whether or not that change should increment the major or minor version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:337 +#: ../source/specifications/simple-repository-api.rst:346 msgid "" "Future versions of the API may add things that can only be represented in a " "subset of the available serializations of that version. All serializations " @@ -17556,38 +17917,38 @@ msgid "" "whether or not that feature is present at all." msgstr "" -#: ../source/specifications/simple-repository-api.rst:343 +#: ../source/specifications/simple-repository-api.rst:352 msgid "" "It is the intent of this spec that the API should be thought of as URL " "endpoints that return data, whose interpretation is defined by the version " "of that data, and then serialized into the target serialization format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:351 +#: ../source/specifications/simple-repository-api.rst:360 #, fuzzy msgid "JSON Serialization" msgstr "翻譯" -#: ../source/specifications/simple-repository-api.rst:353 +#: ../source/specifications/simple-repository-api.rst:362 msgid "" "The URL structure from :ref:`the base HTML API specification ` still applies, as this spec only adds an additional " "serialization format for the already existing API." msgstr "" -#: ../source/specifications/simple-repository-api.rst:357 +#: ../source/specifications/simple-repository-api.rst:366 msgid "" "The following constraints apply to all JSON serialized responses described " "in this spec:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:360 +#: ../source/specifications/simple-repository-api.rst:369 msgid "" "All JSON responses will *always* be a JSON object rather than an array or " "other type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:363 +#: ../source/specifications/simple-repository-api.rst:372 msgid "" "While JSON doesn't natively support a URL type, any value that represents an " "URL in this API may be either absolute or relative as long as they point to " @@ -17595,19 +17956,19 @@ msgid "" "if it were HTML." msgstr "" -#: ../source/specifications/simple-repository-api.rst:368 +#: ../source/specifications/simple-repository-api.rst:377 msgid "" "Additional keys may be added to any dictionary objects in the API responses " "and clients **MUST** ignore keys that they don't understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:371 +#: ../source/specifications/simple-repository-api.rst:380 msgid "" "All JSON responses will have a ``meta`` key, which contains information " "related to the response itself, rather than the content of the response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:374 +#: ../source/specifications/simple-repository-api.rst:383 msgid "" "All JSON responses will have a ``meta.api-version`` key, which will be a " "string that contains the :ref:`API versioning specification `." msgstr "" -#: ../source/specifications/simple-repository-api.rst:380 +#: ../source/specifications/simple-repository-api.rst:389 msgid "" "All requirements of :ref:`the base HTML API specification ` that are not HTML specific still apply." msgstr "" -#: ../source/specifications/simple-repository-api.rst:385 +#: ../source/specifications/simple-repository-api.rst:394 #, fuzzy #| msgid "Project name" msgid "Project List" msgstr "專案名稱" -#: ../source/specifications/simple-repository-api.rst:387 +#: ../source/specifications/simple-repository-api.rst:396 msgid "" "The root URL ``/`` for this spec (which represents the base URL) will be a " "JSON encoded dictionary which has a two keys:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:390 +#: ../source/specifications/simple-repository-api.rst:399 msgid "" "``projects``: An array where each entry is a dictionary with a single key, " "``name``, which represents string of the project name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:391 -#: ../source/specifications/simple-repository-api.rst:440 +#: ../source/specifications/simple-repository-api.rst:400 +#: ../source/specifications/simple-repository-api.rst:449 msgid "" "``meta``: The general response metadata as `described earlier `__." msgstr "" -#: ../source/specifications/simple-repository-api.rst:393 -#: ../source/specifications/simple-repository-api.rst:499 +#: ../source/specifications/simple-repository-api.rst:402 +#: ../source/specifications/simple-repository-api.rst:512 msgid "As an example:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:410 +#: ../source/specifications/simple-repository-api.rst:419 msgid "" "The ``name`` field is the same as the one from :ref:`the base HTML API " "specification `, which does not specify whether " @@ -17662,7 +18023,7 @@ msgid "" "implementation detail of the repository in question." msgstr "" -#: ../source/specifications/simple-repository-api.rst:420 +#: ../source/specifications/simple-repository-api.rst:429 msgid "" "While the ``projects`` key is an array, and thus is required to be in some " "kind of an order, neither :ref:`the base HTML API specification /`` where the ```` is " "replaced by the :ref:`the base HTML API specification `, the ``requires-python`` key does not require " "any special escaping other than anything JSON does naturally." msgstr "" -#: ../source/specifications/simple-repository-api.rst:469 +#: ../source/specifications/simple-repository-api.rst:478 msgid "" "``dist-info-metadata``: An **optional** key that indicates that metadata for " "this file is available, via the same location as specified in :ref:`the API " @@ -17763,27 +18124,27 @@ msgid "" "dictionary mapping hash names to a hex encoded digest of the metadata's hash." msgstr "" -#: ../source/specifications/simple-repository-api.rst:477 +#: ../source/specifications/simple-repository-api.rst:486 msgid "" "When this is a dictionary of hashes instead of a boolean, then all the same " "requirements and recommendations as the ``hashes`` key hold true for this " "key as well." msgstr "" -#: ../source/specifications/simple-repository-api.rst:481 +#: ../source/specifications/simple-repository-api.rst:490 msgid "" "If this key is missing then the metadata file may or may not exist. If the " "key value is truthy, then the metadata file is present, and if it is falsey " "then it is not." msgstr "" -#: ../source/specifications/simple-repository-api.rst:485 +#: ../source/specifications/simple-repository-api.rst:494 msgid "" "It is recommended that servers make the hashes of the metadata file " "available if possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:487 +#: ../source/specifications/simple-repository-api.rst:496 msgid "" "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file " "has an associated GPG signature or not. The URL for the signature file " @@ -17792,7 +18153,7 @@ msgid "" "the signature may or may not exist." msgstr "" -#: ../source/specifications/simple-repository-api.rst:492 +#: ../source/specifications/simple-repository-api.rst:501 msgid "" "``yanked``: An **optional** key which may be either a boolean to indicate if " "the file has been yanked, or a non empty, but otherwise arbitrary, string to " @@ -17803,7 +18164,15 @@ msgid "" "api-yank>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:529 +#: ../source/specifications/simple-repository-api.rst:507 +msgid "" +"``provenance``: An **optional** key which, if present **MUST** be either a " +"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's " +"associated provenance, with the same rules as ``data-provenance`` in the :" +"ref:`base HTML API specification `." +msgstr "" + +#: ../source/specifications/simple-repository-api.rst:543 msgid "" "While the ``files`` key is an array, and thus is required to be in some kind " "of an order, neither :ref:`the base HTML API specification ` API responses to use the " @@ -17868,12 +18237,12 @@ msgid "" "alias for the ``application/vnd.pypi.simple.v1+html`` content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:572 +#: ../source/specifications/simple-repository-api.rst:586 #, fuzzy msgid "Version + Format Selection" msgstr "翻譯" -#: ../source/specifications/simple-repository-api.rst:574 +#: ../source/specifications/simple-repository-api.rst:588 msgid "" "Now that there is multiple possible serializations, we need a mechanism to " "allow clients to indicate what serialization formats they're able to " @@ -17882,65 +18251,65 @@ msgid "" "expecting the previous API version." msgstr "" -#: ../source/specifications/simple-repository-api.rst:579 +#: ../source/specifications/simple-repository-api.rst:593 msgid "" "To enable this, this spec standardizes on the use of HTTP's `Server-Driven " "Content Negotiation `_." msgstr "" -#: ../source/specifications/simple-repository-api.rst:582 +#: ../source/specifications/simple-repository-api.rst:596 msgid "" "While this spec won't fully describe the entirety of server-driven content " "negotiation, the flow is roughly:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:585 +#: ../source/specifications/simple-repository-api.rst:599 msgid "" "The client makes an HTTP request containing an ``Accept`` header listing all " "of the version+format content types that they are able to understand." msgstr "" -#: ../source/specifications/simple-repository-api.rst:587 +#: ../source/specifications/simple-repository-api.rst:601 msgid "" "The server inspects that header, selects one of the listed content types, " "then returns a response using that content type (treating the absence of an " "``Accept`` header as ``Accept: */*``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:590 +#: ../source/specifications/simple-repository-api.rst:604 msgid "" "If the server does not support any of the content types in the ``Accept`` " "header then they are able to choose between 3 different options for how to " "respond:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:594 +#: ../source/specifications/simple-repository-api.rst:608 msgid "" "Select a default content type other than what the client has requested and " "return a response with that." msgstr "" -#: ../source/specifications/simple-repository-api.rst:596 +#: ../source/specifications/simple-repository-api.rst:610 msgid "" "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the " "requested content types were available, and the server was unable or " "unwilling to select a default content type to respond with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:599 +#: ../source/specifications/simple-repository-api.rst:613 msgid "" "Return a HTTP ``300 Multiple Choices`` response that contains a list of all " "of the possible responses that could have been chosen." msgstr "" -#: ../source/specifications/simple-repository-api.rst:601 +#: ../source/specifications/simple-repository-api.rst:615 msgid "" "The client interprets the response, handling the different types of " "responses that the server may have responded with." msgstr "" -#: ../source/specifications/simple-repository-api.rst:604 +#: ../source/specifications/simple-repository-api.rst:618 msgid "" "This spec does not specify which choices the server makes in regards to " "handling a content type that it isn't able to return, and clients **SHOULD** " @@ -17948,7 +18317,7 @@ msgid "" "the most sense for that client." msgstr "" -#: ../source/specifications/simple-repository-api.rst:609 +#: ../source/specifications/simple-repository-api.rst:623 msgid "" "However, as there is no standard format for how a ``300 Multiple Choices`` " "response can be interpreted, this spec highly discourages servers from " @@ -17959,7 +18328,7 @@ msgid "" "error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:616 +#: ../source/specifications/simple-repository-api.rst:630 msgid "" "This spec **does** require that if the meta version ``latest`` is being " "used, the server **MUST** respond with the content type for the actual " @@ -17968,33 +18337,33 @@ msgid "" "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:623 +#: ../source/specifications/simple-repository-api.rst:637 msgid "" "The ``Accept`` header is a comma separated list of content types that the " "client understands and is able to process. It supports three different " "formats for each content type that is being requested:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:627 +#: ../source/specifications/simple-repository-api.rst:641 msgid "``$type/$subtype``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:628 +#: ../source/specifications/simple-repository-api.rst:642 msgid "``$type/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:629 +#: ../source/specifications/simple-repository-api.rst:643 msgid "``*/*``" msgstr "" -#: ../source/specifications/simple-repository-api.rst:631 +#: ../source/specifications/simple-repository-api.rst:645 msgid "" "For the use of selecting a version+format, the most useful of these is " "``$type/$subtype``, as that is the only way to actually specify the version " "and format you want." msgstr "" -#: ../source/specifications/simple-repository-api.rst:635 +#: ../source/specifications/simple-repository-api.rst:649 msgid "" "The order of the content types listed in the ``Accept`` header does not have " "any specific meaning, and the server **SHOULD** consider all of them to be " @@ -18004,7 +18373,7 @@ msgid "" "Quality_values>`_ syntax." msgstr "" -#: ../source/specifications/simple-repository-api.rst:642 +#: ../source/specifications/simple-repository-api.rst:656 msgid "" "This allows a client to specify a priority for a specific entry in their " "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` " @@ -18014,7 +18383,7 @@ msgid "" "quality of ``1``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:648 +#: ../source/specifications/simple-repository-api.rst:662 msgid "" "However, clients should keep in mind that a server is free to select **any** " "of the content types they've asked for, regardless of their requested " @@ -18022,7 +18391,7 @@ msgid "" "for." msgstr "" -#: ../source/specifications/simple-repository-api.rst:652 +#: ../source/specifications/simple-repository-api.rst:666 msgid "" "To aid clients in determining the content type of the response that they " "have received from an API request, this spec requires that servers always " @@ -18033,22 +18402,22 @@ msgid "" "collector.py#L123-L150>`_ so the risks for actual breakages is low." msgstr "" -#: ../source/specifications/simple-repository-api.rst:659 +#: ../source/specifications/simple-repository-api.rst:673 msgid "An example of how a client can operate would look like:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:710 +#: ../source/specifications/simple-repository-api.rst:724 msgid "" "If a client wishes to only support HTML or only support JSON, then they " "would just remove the content types that they do not want from the " "``Accept`` header, and turn receiving them into an error." msgstr "" -#: ../source/specifications/simple-repository-api.rst:716 +#: ../source/specifications/simple-repository-api.rst:730 msgid "Alternative Negotiation Mechanisms" msgstr "" -#: ../source/specifications/simple-repository-api.rst:718 +#: ../source/specifications/simple-repository-api.rst:732 msgid "" "While using HTTP's Content negotiation is considered the standard way for a " "client and server to coordinate to ensure that the client is getting an HTTP " @@ -18057,25 +18426,25 @@ msgid "" "negotiation mechanisms that may *optionally* be used instead." msgstr "" -#: ../source/specifications/simple-repository-api.rst:726 +#: ../source/specifications/simple-repository-api.rst:740 msgid "URL Parameter" msgstr "" -#: ../source/specifications/simple-repository-api.rst:728 +#: ../source/specifications/simple-repository-api.rst:742 msgid "" "Servers that implement the Simple API may choose to support a URL parameter " "named ``format`` to allow the clients to request a specific version of the " "URL." msgstr "" -#: ../source/specifications/simple-repository-api.rst:731 +#: ../source/specifications/simple-repository-api.rst:745 msgid "" "The value of the ``format`` parameter should be **one** of the valid content " "types. Passing multiple content types, wild cards, quality values, etc... is " "**not** supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:735 +#: ../source/specifications/simple-repository-api.rst:749 msgid "" "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it " "for interacting with the API. This negotiation mechanism is intended to " @@ -18083,13 +18452,13 @@ msgid "" "allow documentation or notes to link to a specific version+format." msgstr "" -#: ../source/specifications/simple-repository-api.rst:740 +#: ../source/specifications/simple-repository-api.rst:754 msgid "" "Servers that do not support this parameter may choose to return an error " "when it is present, or they may simple ignore its presence." msgstr "" -#: ../source/specifications/simple-repository-api.rst:743 +#: ../source/specifications/simple-repository-api.rst:757 msgid "" "When a server does implement this parameter, it **SHOULD** take precedence " "over any values in the client's ``Accept`` header, and if the server does " @@ -18099,18 +18468,18 @@ msgid "" "``303 Multiple Choices``, or selecting a default type to return)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:752 +#: ../source/specifications/simple-repository-api.rst:766 msgid "Endpoint Configuration" msgstr "" -#: ../source/specifications/simple-repository-api.rst:754 +#: ../source/specifications/simple-repository-api.rst:768 msgid "" "This option technically is not a special option at all, it is just a natural " "consequence of using content negotiation and allowing servers to select " "which of the available content types is their default." msgstr "" -#: ../source/specifications/simple-repository-api.rst:758 +#: ../source/specifications/simple-repository-api.rst:772 msgid "" "If a server is unwilling or unable to implement the server-driven content " "negotiation, and would instead rather require users to explicitly configure " @@ -18118,7 +18487,7 @@ msgid "" "configuration." msgstr "" -#: ../source/specifications/simple-repository-api.rst:762 +#: ../source/specifications/simple-repository-api.rst:776 msgid "" "To enable this, a server should make multiple endpoints (for instance, ``/" "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that " @@ -18128,7 +18497,7 @@ msgid "" "and return the content type that corresponds to that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:769 +#: ../source/specifications/simple-repository-api.rst:783 msgid "" "For clients that wish to require specific configuration, they can keep track " "of which version+format a specific repository URL was configured for, and " @@ -18136,11 +18505,11 @@ msgid "" "includes the correct content type." msgstr "" -#: ../source/specifications/simple-repository-api.rst:776 +#: ../source/specifications/simple-repository-api.rst:790 msgid "TUF Support - PEP 458" msgstr "" -#: ../source/specifications/simple-repository-api.rst:778 +#: ../source/specifications/simple-repository-api.rst:792 msgid "" ":pep:`458` requires that all API responses are hashable and that they can be " "uniquely identified by a path relative to the repository root. For a Simple " @@ -18151,7 +18520,7 @@ msgid "" "that all hash differently." msgstr "" -#: ../source/specifications/simple-repository-api.rst:785 +#: ../source/specifications/simple-repository-api.rst:799 msgid "" ":pep:`458` does not specify what the target path should be for the Simple " "API, but TUF requires that the target paths be \"file-like\", in other " @@ -18159,7 +18528,7 @@ msgid "" "technically points to a directory." msgstr "" -#: ../source/specifications/simple-repository-api.rst:790 +#: ../source/specifications/simple-repository-api.rst:804 msgid "" "The saving grace is that the target path does not *have* to actually match " "the URL being fetched from the Simple API, and it can just be a sigil that " @@ -18168,7 +18537,7 @@ msgid "" "HTTP request, such as the ``Accept`` header." msgstr "" -#: ../source/specifications/simple-repository-api.rst:796 +#: ../source/specifications/simple-repository-api.rst:810 msgid "" "Ultimately figuring out how to map a directory to a filename is out of scope " "for this spec (but it would be in scope for :pep:`458`), and this spec " @@ -18176,7 +18545,7 @@ msgid "" "`458` metadata." msgstr "" -#: ../source/specifications/simple-repository-api.rst:800 +#: ../source/specifications/simple-repository-api.rst:814 msgid "" "However, it appears that the current WIP branch against pip that attempts to " "implement :pep:`458` is using a target path like ``simple/PROJECT/index." @@ -18186,20 +18555,20 @@ msgid "" "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:807 +#: ../source/specifications/simple-repository-api.rst:821 msgid "" "In this case, since ``text/html`` is an alias to ``application/vnd.pypi." "simple.v1+html`` when interacting through TUF, it likely will make the most " "sense to normalize to the more explicit name." msgstr "" -#: ../source/specifications/simple-repository-api.rst:811 +#: ../source/specifications/simple-repository-api.rst:825 msgid "" "Likewise the ``latest`` metaversion should not be included in the targets, " "only explicitly declared versions should be supported." msgstr "" -#: ../source/specifications/simple-repository-api.rst:817 +#: ../source/specifications/simple-repository-api.rst:831 msgid "" "This section is non-normative, and represents what the spec authors believe " "to be the best default implementation decisions for something implementing " @@ -18207,7 +18576,7 @@ msgid "" "these decisions." msgstr "" -#: ../source/specifications/simple-repository-api.rst:821 +#: ../source/specifications/simple-repository-api.rst:835 msgid "" "These decisions have been chosen to maximize the number of requests that can " "be moved onto the newest version of an API, while maintaining the greatest " @@ -18216,18 +18585,18 @@ msgid "" "choices it can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:826 +#: ../source/specifications/simple-repository-api.rst:840 msgid "It is recommended that servers:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:828 +#: ../source/specifications/simple-repository-api.rst:842 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can, or at least as long " "as they're receiving non trivial traffic that uses the HTML responses." msgstr "" -#: ../source/specifications/simple-repository-api.rst:832 +#: ../source/specifications/simple-repository-api.rst:846 msgid "" "When encountering an ``Accept`` header that does not contain any content " "types that it knows how to work with, the server should not ever return a " @@ -18235,13 +18604,13 @@ msgid "" "Acceptable`` response." msgstr "" -#: ../source/specifications/simple-repository-api.rst:837 +#: ../source/specifications/simple-repository-api.rst:851 msgid "" "However, if choosing to use the endpoint configuration, you should prefer to " "return a ``200 OK`` response in the expected content type for that endpoint." msgstr "" -#: ../source/specifications/simple-repository-api.rst:840 +#: ../source/specifications/simple-repository-api.rst:854 msgid "" "When selecting an acceptable version, the server should choose the highest " "version that the client supports, with the most expressive/featureful " @@ -18250,23 +18619,23 @@ msgid "" "should only use the ``text/html`` content type as a last resort." msgstr "" -#: ../source/specifications/simple-repository-api.rst:846 +#: ../source/specifications/simple-repository-api.rst:860 msgid "It is recommended that clients:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:848 +#: ../source/specifications/simple-repository-api.rst:862 msgid "" "Support all 3 content types described in this spec, using server-driven " "content negotiation, for as long as they reasonably can." msgstr "" -#: ../source/specifications/simple-repository-api.rst:851 +#: ../source/specifications/simple-repository-api.rst:865 msgid "" "When constructing an ``Accept`` header, include all of the content types " "that you support." msgstr "" -#: ../source/specifications/simple-repository-api.rst:854 +#: ../source/specifications/simple-repository-api.rst:868 msgid "" "You should generally *not* include a quality priority value for your content " "types, unless you have implementation specific reasons that you want the " @@ -18275,63 +18644,63 @@ msgid "" "responses that you're unable to parse in some edge cases)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:860 +#: ../source/specifications/simple-repository-api.rst:874 msgid "" "The one exception to this recommendation is that it is recommended that you " "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content " "type, unless it is the only content type that you are requesting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:864 +#: ../source/specifications/simple-repository-api.rst:878 msgid "" "Explicitly select what versions they are looking for, rather than using the " "``latest`` meta version during normal operation." msgstr "" -#: ../source/specifications/simple-repository-api.rst:867 +#: ../source/specifications/simple-repository-api.rst:881 msgid "" "Check the ``Content-Type`` of the response and ensure it matches something " "that you were expecting." msgstr "" -#: ../source/specifications/simple-repository-api.rst:871 +#: ../source/specifications/simple-repository-api.rst:885 msgid "Additional Fields for the Simple API for Package Indexes" msgstr "" -#: ../source/specifications/simple-repository-api.rst:873 +#: ../source/specifications/simple-repository-api.rst:887 msgid "" "This specification defines version 1.1 of the simple repository API. For the " "HTML version of the API, there is no change from version 1.0. For the JSON " "version of the API, the following changes are made:" msgstr "" -#: ../source/specifications/simple-repository-api.rst:877 +#: ../source/specifications/simple-repository-api.rst:891 msgid "The ``api-version`` must specify version 1.1 or later." msgstr "" -#: ../source/specifications/simple-repository-api.rst:878 +#: ../source/specifications/simple-repository-api.rst:892 msgid "A new ``versions`` key is added at the top level." msgstr "" -#: ../source/specifications/simple-repository-api.rst:879 +#: ../source/specifications/simple-repository-api.rst:893 msgid "" "Two new \"file information\" keys, ``size`` and ``upload-time``, are added " "to the ``files`` data." msgstr "" -#: ../source/specifications/simple-repository-api.rst:881 +#: ../source/specifications/simple-repository-api.rst:895 msgid "" "Keys (at any level) with a leading underscore are reserved as private for " "index server use. No future standard will assign a meaning to any such key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:884 +#: ../source/specifications/simple-repository-api.rst:898 msgid "" "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is " "optional." msgstr "" -#: ../source/specifications/simple-repository-api.rst:890 +#: ../source/specifications/simple-repository-api.rst:904 msgid "" "An additional key, ``versions`` MUST be present at the top level, in " "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the " @@ -18341,7 +18710,7 @@ msgid "" "duplicates, and the order of the values is not significant." msgstr "" -#: ../source/specifications/simple-repository-api.rst:897 +#: ../source/specifications/simple-repository-api.rst:911 msgid "" "All of the files listed in the ``files`` key MUST be associated with one of " "the versions in the ``versions`` key. The ``versions`` key MAY contain " @@ -18349,7 +18718,7 @@ msgid "" "uploaded, if the server has such a concept)." msgstr "" -#: ../source/specifications/simple-repository-api.rst:902 +#: ../source/specifications/simple-repository-api.rst:916 msgid "" "Note that because servers may hold \"legacy\" data from before the adoption " "of :ref:`the version specifiers specification (VSS) `, " @@ -18358,21 +18727,21 @@ msgid "" "servers SHOULD use normalised VSS versions where possible." msgstr "" -#: ../source/specifications/simple-repository-api.rst:911 +#: ../source/specifications/simple-repository-api.rst:925 msgid "Additional file information" msgstr "" -#: ../source/specifications/simple-repository-api.rst:913 +#: ../source/specifications/simple-repository-api.rst:927 msgid "Two new keys are added to the ``files`` key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:915 +#: ../source/specifications/simple-repository-api.rst:929 msgid "" "``size``: This field is mandatory. It MUST contain an integer which is the " "file size in bytes." msgstr "" -#: ../source/specifications/simple-repository-api.rst:917 +#: ../source/specifications/simple-repository-api.rst:931 msgid "" "``upload-time``: This field is optional. If present, it MUST contain a valid " "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, " @@ -18384,11 +18753,11 @@ msgid "" "key." msgstr "" -#: ../source/specifications/simple-repository-api.rst:926 +#: ../source/specifications/simple-repository-api.rst:940 msgid "Rename dist-info-metadata in the Simple API" msgstr "" -#: ../source/specifications/simple-repository-api.rst:929 +#: ../source/specifications/simple-repository-api.rst:943 msgid "" "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", " "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", " @@ -18396,11 +18765,11 @@ msgid "" "are to be interpreted as described in :rfc:`RFC 2119 <2119>`." msgstr "" -#: ../source/specifications/simple-repository-api.rst:936 +#: ../source/specifications/simple-repository-api.rst:950 msgid "Servers" msgstr "" -#: ../source/specifications/simple-repository-api.rst:938 +#: ../source/specifications/simple-repository-api.rst:952 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the HTML representation of the Simple " @@ -18408,7 +18777,7 @@ msgid "" "with the supported values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:944 +#: ../source/specifications/simple-repository-api.rst:958 msgid "" "The :ref:`the API metadata file specification ` metadata, when used in the :ref:`the JSON API specification " @@ -18417,14 +18786,14 @@ msgid "" "values remaining the same." msgstr "" -#: ../source/specifications/simple-repository-api.rst:950 +#: ../source/specifications/simple-repository-api.rst:964 msgid "" "To support clients that used the previous key names, the HTML representation " "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it " "does so it **MUST** match the value of ``data-core-metadata``." msgstr "" -#: ../source/specifications/simple-repository-api.rst:959 +#: ../source/specifications/simple-repository-api.rst:973 msgid "" "Clients consuming any of the HTML representations of the Simple API **MUST** " "read the :ref:`the API metadata file specification ` and install your package from TestPyPI:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:462 +#: ../source/tutorials/packaging-projects.rst:461 msgid "Make sure to specify your username in the package name!" msgstr "碓保指明你的帳戶名稱於那個套件名稱裏!" -#: ../source/tutorials/packaging-projects.rst:464 +#: ../source/tutorials/packaging-projects.rst:463 msgid "" "pip should install the package from TestPyPI and the output should look " "something like this:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:474 +#: ../source/tutorials/packaging-projects.rst:473 msgid "" "This example uses ``--index-url`` flag to specify TestPyPI instead of live " "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have " @@ -21891,23 +22266,23 @@ msgid "" "installing dependencies when using TestPyPI." msgstr "" -#: ../source/tutorials/packaging-projects.rst:481 +#: ../source/tutorials/packaging-projects.rst:480 msgid "" "You can test that it was installed correctly by importing the package. Make " "sure you're still in your virtual environment, then run Python:" msgstr "" -#: ../source/tutorials/packaging-projects.rst:496 +#: ../source/tutorials/packaging-projects.rst:495 msgid "and import the package:" msgstr "然後載入那個套件:" -#: ../source/tutorials/packaging-projects.rst:508 +#: ../source/tutorials/packaging-projects.rst:507 msgid "" "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 " "✨" msgstr "**恭喜,你已經做好套件而且發佈為一個Python頂目出去!**✨ 🍰 ✨" -#: ../source/tutorials/packaging-projects.rst:511 +#: ../source/tutorials/packaging-projects.rst:510 msgid "" "Keep in mind that this tutorial showed you how to upload your package to " "Test PyPI, which isn't a permanent storage. The Test system occasionally " @@ -21915,14 +22290,14 @@ msgid "" "experiments like this tutorial." msgstr "" -#: ../source/tutorials/packaging-projects.rst:516 +#: ../source/tutorials/packaging-projects.rst:515 msgid "" "When you are ready to upload a real package to the Python Package Index you " "can do much the same as you did in this tutorial, but with these important " "differences:" msgstr "當你真正準備上載一個套件到Python套件索引,你往後可以重複幾次這動作" -#: ../source/tutorials/packaging-projects.rst:520 +#: ../source/tutorials/packaging-projects.rst:519 #, fuzzy msgid "" "Choose a memorable and unique name for your package. You don't have to " @@ -21932,14 +22307,14 @@ msgstr "" "為你的套件選擇一個稔熟且獨特的名字。由於你已經在教學中做了一次,所以你不用在" "此再加上你的用戶名稱。" -#: ../source/tutorials/packaging-projects.rst:522 +#: ../source/tutorials/packaging-projects.rst:521 msgid "" "Register an account on https://pypi.org - note that these are two separate " "servers and the login details from the test server are not shared with the " "main server." msgstr "於https://pypi.org網址內登記一個帳戶-謹記這是兩個截然不同的伺服器和" -#: ../source/tutorials/packaging-projects.rst:525 +#: ../source/tutorials/packaging-projects.rst:524 msgid "" "Use ``twine upload dist/*`` to upload your package and enter your " "credentials for the account you registered on the real PyPI. Now that " @@ -21947,45 +22322,45 @@ msgid "" "repository``; the package will upload to https://pypi.org/ by default." msgstr "" -#: ../source/tutorials/packaging-projects.rst:529 +#: ../source/tutorials/packaging-projects.rst:528 msgid "" "Install your package from the real PyPI using ``python3 -m pip install [your-" "package]``." msgstr "" "使用 ``python3 -m pip install [your-package]`` 以從真正的PyPI安裝您的套件。" -#: ../source/tutorials/packaging-projects.rst:531 +#: ../source/tutorials/packaging-projects.rst:530 msgid "" "At this point if you want to read more on packaging Python libraries here " "are some things you can do:" msgstr "此時,如果您想閱讀有關打包 Python 庫的更多信息,您可以執行以下操作:" -#: ../source/tutorials/packaging-projects.rst:534 +#: ../source/tutorials/packaging-projects.rst:533 msgid "" "Read about advanced configuration for your chosen build backend: `Hatchling " "`_, :doc:`setuptools `, :doc:`Flit `, `PDM `_." msgstr "" -#: ../source/tutorials/packaging-projects.rst:538 +#: ../source/tutorials/packaging-projects.rst:537 msgid "" "Look at the :doc:`guides ` on this site for more advanced " "practical information, or the :doc:`discussions ` for " "explanations and background on specific topics." msgstr "" -#: ../source/tutorials/packaging-projects.rst:541 +#: ../source/tutorials/packaging-projects.rst:540 msgid "" "Consider packaging tools that provide a single command-line interface for " "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:" "`pdm`, and :ref:`poetry`." msgstr "" -#: ../source/tutorials/packaging-projects.rst:549 +#: ../source/tutorials/packaging-projects.rst:548 msgid "Notes" msgstr "" -#: ../source/tutorials/packaging-projects.rst:551 +#: ../source/tutorials/packaging-projects.rst:550 msgid "" "Technically, you can also create Python packages without an ``__init__.py`` " "file, but those are called :doc:`namespace packages Date: Mon, 25 Nov 2024 22:53:53 +0100 Subject: [PATCH 4/4] Translated using Weblate (Spanish) Currently translated at 8.2% (296 of 3600 strings) Co-authored-by: gallegonovato Translate-URL: https://hosted.weblate.org/projects/pypa/packaging-python-org/es/ Translation: pypa/packaging.python.org --- locales/es/LC_MESSAGES/messages.po | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/locales/es/LC_MESSAGES/messages.po b/locales/es/LC_MESSAGES/messages.po index 0687f275f..d3b7e62b4 100644 --- a/locales/es/LC_MESSAGES/messages.po +++ b/locales/es/LC_MESSAGES/messages.po @@ -16,16 +16,16 @@ msgstr "" "Project-Id-Version: Python Packaging User Guide\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-11-24 11:39+0000\n" -"PO-Revision-Date: 2024-09-17 19:22+0000\n" +"PO-Revision-Date: 2024-11-24 22:33+0000\n" "Last-Translator: gallegonovato \n" -"Language-Team: Spanish \n" +"Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 5.8-dev\n" +"X-Generator: Weblate 5.9-dev\n" #: ../source/contribute.rst:5 msgid "Contribute to this guide"