It serves two purposes:
@itemize
-@item hosting of private locally uploaded packages
- (conforming to @url{https://www.python.org/dev/peps/pep-0503/, PEP-0503}
- (Simple Repository API))
@item proxying and caching of missing packages from upstream
- @url{https://pypi.org/, PyPI}
+ @url{https://pypi.org/, PyPI}, conforming to
+ @url{https://www.python.org/dev/peps/pep-0503/, PEP-0503}
+ (Simple Repository API)
+@item hosting of private locally uploaded packages, conforming to
+ @url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API}
@end itemize
Initially it was created as a fork of
but nearly all the code was rewritten. It has huge differences:
@itemize
-@item proxying and caching of missing packages
+@item proxying and caching of missing packages, including GPG signatures
@item atomic packages store on filesystem
@item SHA256-checksummed packages: storing checksums, giving them back,
verifying stored files integrity, verifying checksum of uploaded
If @command{twine} sends SHA256 checksum in the request, then uploaded
file is checked against it.
+@option{-gpgupdate} is useful mainly for migrated from Pyshop
+repositories. It forces GPG signature files downloading for all existing
+package files.
+
@node Passwords
@unnumbered Password authentication