You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I recently learned that PyPI will reject package uploads if the package metadata has one or more classifiers starting with Private ::. I got interested because some of my projects have private version that should never end up on PyPI. But I was left wondering if I could really use this classifier, because my users must be able to upload the private packages to their own private registries, if they want to, and I was afraid the classifier would cause rejection in these alternate registries too. This is not addressed in official docs, but in your own docs you do say:
It does not affect security or privacy settings on alternative registries.
That's interesting! I am now curious to know if you actually checked common alternate registries (Google Cloud Platform Artifact Registry, JFrog's Artifactory, pypiserver, devpi, others?) to confirm whether they actually don't care about such classifiers 🙂
I have found #8214, in which I also posted my use-case, though didn't want to derail the conversation for this specific question.
You have great documentation, thank you for it!
The text was updated successfully, but these errors were encountered:
Private repository servers do NOT restrict the permitted trove classifiers (if they offer a classifier filtering capability at all, it's an opt-in feature when setting up a specific repository).
That's why the Private :: ... classifier convention emerged: PyPI checks it, nobody else does. The lack of documentation in the other repository server implementations is because not checking is the assumed default - PyPI checking them is the exceptional case (and hence the documented one).
I have not personally checked other registries, but yeah from what I understand they will ignore the classifier. Of course, some registry can do whatever it wants because the specification doesn't cover this topic.
Thank you @ncoghlan, @zanieb! The point of view of "it's not standard, so alternate registries should not implement that" is reassuring, but at the same time, yeah they can do whatever they want 😅
OK I think we won't get further than this, closing! Thank you again ❤
I recently learned that PyPI will reject package uploads if the package metadata has one or more classifiers starting with
Private ::
. I got interested because some of my projects have private version that should never end up on PyPI. But I was left wondering if I could really use this classifier, because my users must be able to upload the private packages to their own private registries, if they want to, and I was afraid the classifier would cause rejection in these alternate registries too. This is not addressed in official docs, but in your own docs you do say:That's interesting! I am now curious to know if you actually checked common alternate registries (Google Cloud Platform Artifact Registry, JFrog's Artifactory, pypiserver, devpi, others?) to confirm whether they actually don't care about such classifiers 🙂
I have found #8214, in which I also posted my use-case, though didn't want to derail the conversation for this specific question.
You have great documentation, thank you for it!
The text was updated successfully, but these errors were encountered: