Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

View source for a package, powered by attestations #17122

Closed
simonw opened this issue Nov 19, 2024 · 3 comments · Fixed by #17145
Closed

View source for a package, powered by attestations #17122

simonw opened this issue Nov 19, 2024 · 3 comments · Fixed by #17145
Labels
feature request requires triaging maintainers need to do initial inspection of issue

Comments

@simonw
Copy link

simonw commented Nov 19, 2024

What's the problem this feature will solve?

I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.

Describe the solution you'd like

Right now I can do this but it's a bunch of clicks. I can start here: https://pypi.org/project/llm-mistral/#llm_mistral-0.8-py3-none-any.whl - where I see this:

Image

If I click that link through to Sigstore I get this: https://search.sigstore.dev/?logIndex=149649835

Image

I can then construct this URL on GitHub using that information:

https://github.com/simonw/llm-mistral/tree/f590da389e96cfea6980d340ee524622677dc0c3

And that gives me the ability to browse the exact source code I'll get when I use pip install ... to get that wheel.

@simonw simonw added feature request requires triaging maintainers need to do initial inspection of issue labels Nov 19, 2024
@simonw
Copy link
Author

simonw commented Nov 19, 2024

... hah, it turns out I requested this exact same feature six years ago!

@di
Copy link
Member

di commented Nov 19, 2024

I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.

Seems like you want a shortcut to the upstream repository at the commit where the file was published, not what quite what was requested in #5118 (inspect package contents of what has been published to PyPI).

I can then construct this URL on GitHub using that information:

This was discussed in #17072 (comment) and is included as a task in #17001, so I think this should probably be considered a duplicate of that issue.

@di
Copy link
Member

di commented Dec 2, 2024

Closing as a duplicate of #17001.

@di di closed this as completed Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature request requires triaging maintainers need to do initial inspection of issue
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants