2659
Comment: first draft of testing landing page
|
5235
2FA apps
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
= Help us test PyPI! = ['''This page is a draft''' and ''not to be used/publicized'' until we close out [[https://github.com/pypa/warehouse/milestone/8|the Maintainer MVP milestone]]. That'll probably be in late February 2018.] |
#language en = Help us test PyPI's 2-Factor Auth! = Warehouse is the code behind the Python Package Repository ([[https://pypi.org/|PyPI]]) ([[https://github.com/pypa/warehouse|source code on GitHub]],[[https://wiki.python.org/psf/WarehouseRoadmap|roadmap]]). We are seeking maintainers of Projects on PyPI to test our new two-factor auth functionality and send us bug reports. |
Line 4: | Line 5: |
Warehouse is a next-generation Python Package Repository designed to replace the legacy code base that currently powers [[https://pypi.python.org/|PyPI]] ([[https://github.com/pypa/pypi-legacy/|source code on GitHub]], [[https://wiki.python.org/psf/WarehouseRoadmap|roadmap]]). If you maintain a package on PyPI, we'd love for you to test it and send us bug reports. Go to [[https://pypi.org/|the pre-production deployment at https://pypi.org/]] and try it out! | Feedback on user experience, accessibility, and overall ease of use are welcome; we want to support your workflows for account management and package maintainership. Go to [[https://test.pypi.org/|the test site at https://test.pypi.org/]] and try it out! <<TableOfContents()>> == Guidelines for Particpation == * By participating, you agree to abide by the [[https://www.pypa.io/en/latest/code-of-conduct/|PyPA Code of Conduct]]. * You should sign up for the [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|PyPI Announcement Mailing List]] for updates. |
Line 7: | Line 14: |
* [[https://packaging.python.org/guides/migrating-to-pypi-org/|Upgrade your versions of twine and setuptools]] * [[https://packaging.python.org/guides/using-testpypi/|Upload a test package to Test PyPI]] * Check whether the project description, release history, download files, project links, maintainers, tags, and classifiers for your project on testpypi.org work correctly ([[https://test.pypi.org/project/1234_hello_world/|example]]) * [[https://packaging.python.org/tutorials/installing-packages/#installing-from-other-indexes|Use pip to install a package from PyPI.org]] * [[https://packaging.python.org/tutorials/distributing-packages/|Upload a new release of your package to PyPI.org]] |
Most of these you can test [[http://pypi.org/|on pypi.org]] once you opt into the private beta. For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use [[https://test.pypi.org/|test.pypi.org]]. |
Line 13: | Line 16: |
== Known issues == [[https://github.com/pypa/warehouse/issues|On GitHub.]] Overview: |
=== Workflows === * Add/Remove 2FA token using TOTP * Add/Remove Maintainer * Add/Remove Owner * Transition Ownership * User Registration and Confirmation * Login/Logout * Password Reset * Remove a project * Remove a release |
Line 16: | Line 27: |
* trove classifier issues * general user account polish, e.g., [[https://github.com/pypa/warehouse/issues/2887|can't recover account by email]] and [[https://github.com/pypa/warehouse/issues/2065|no confirmation email on new account registration]] * until [[https://www.python.org/dev/peps/pep-0541/|PEP 541]] is accepted, we don't have a policy to help us change ownership of package names * version sorting issues * [[https://github.com/pypa/warehouse/issues/2285|confusing "/legacy" URL]] * [[https://github.com/pypa/warehouse/issues/582|deleting legacy documentation]] * [[https://github.com/pypa/warehouse/issues/869|no Markdown support]] * [[https://github.com/pypa/warehouse/issues/1453|localization]] |
== Setting up a TOTP application == Users who have chosen to set up two factor authentication (2FA) on their PyPI account must, once 2FA is set up, provide a second method of identity verification (other than their username and password) for each login. PyPI currently supports a single 2FA method: Generating a code through a TOTP application. When enabling two factor authentication (2FA) via [[https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm|TOTP]] in your account admin, you are asked to provision an application (usually a mobile phone app) in order to generate authentication codes. Popular applications include: * [[https://freeotp.github.io/|FreeOTP]] (open source) * [[https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus|FreeOTP+]] (open source) * Google Authenticator for [[https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2|Android]] or [[https://itunes.apple.com/app/google-authenticator/id388497605|iPhone]] (proprietary) * [[https://authy.com/|Authy]] (proprietary) * Duo Mobile for [[https://play.google.com/store/apps/details?id=com.duosecurity.duomobile|Android]] and [[https://itunes.apple.com/app/duo-mobile/id422663827|iPhone]] (proprietary) == Security == If you find any potential security vulnerabilities, please [[https://pypi.org/security/|follow our published security policy]]. Please don't report security issues in Warehouse via !GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers. == IRC livechat hours == Warehouse developers will be in IRC, in [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]], and available to talk about problems you run into, or about how to hack on Warehouse: 1. Tuesday Feb 27th: [[https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=2&day=27&hour=17&min=0&sec=0&p1=24&p2=198&p3=90|1700 UTC / noon-1pm EST]] 1. Tuesday Feb 27th: [[https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=2&day=27&hour=23&min=0&sec=0&p1=24&p2=198&p3=90|2300 UTC / 6pm-7pm EST]] 1. Thursday March 1st: [[https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=3&day=1&hour=17&min=0&sec=0&p1=24&p2=198&p3=90|1700 UTC / noon-1pm EST]] 1. Thursday March 1st: [[https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=3&day=1&hour=23&min=0&sec=0&p1=24&p2=198&p3=90%20|2300 UTC / 6pm-7pm EST]] Feel free to drop in! == Notice == We're working hard on nearly every aspect of the Warehouse codebase to get it ready for production deployment and are shipping features nearly every day, so check back and maybe even try using https://pypi.org for your maintainer activities full time. Due to the rate of change some errors, downtime, and outright broken features may occur. We have some automated reporting of the scenarios in place, but let us know! Reminder! Sign up for the [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|PyPI Announcement Mailing List]] to be kept in the loop as we continue this process! |
Line 26: | Line 60: |
GitHub: https://github.com/pypa/warehouse/issues/new | Security issues: [[https://pypi.org/security/|email security @ python dot org]] |
Line 28: | Line 62: |
IRC: [[https://webchat.freenode.net/?channels=%23pypa-dev|#pypa-dev on Freenode]] (someone's usually there 10am-5pm Central Time on weekdays) | !GitHub for all other bug reports & feature requests:https://github.com/pypa/warehouse/issues/new IRC: [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]] (someone's usually there 10am-5pm Central Time on weekdays, or come to the [[#IRC_livechat_hours|livechat hours]]) |
Help us test PyPI's 2-Factor Auth!
Warehouse is the code behind the Python Package Repository (PyPI) (source code on GitHub,roadmap). We are seeking maintainers of Projects on PyPI to test our new two-factor auth functionality and send us bug reports.
Feedback on user experience, accessibility, and overall ease of use are welcome; we want to support your workflows for account management and package maintainership. Go to the test site at https://test.pypi.org/ and try it out!
Contents
Guidelines for Particpation
By participating, you agree to abide by the PyPA Code of Conduct.
You should sign up for the PyPI Announcement Mailing List for updates.
Things to test
Most of these you can test on pypi.org once you opt into the private beta. For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use test.pypi.org.
Workflows
- Add/Remove 2FA token using TOTP
- Add/Remove Maintainer
- Add/Remove Owner
- Transition Ownership
- User Registration and Confirmation
- Login/Logout
- Password Reset
- Remove a project
- Remove a release
Setting up a TOTP application
Users who have chosen to set up two factor authentication (2FA) on their PyPI account must, once 2FA is set up, provide a second method of identity verification (other than their username and password) for each login.
PyPI currently supports a single 2FA method: Generating a code through a TOTP application.
When enabling two factor authentication (2FA) via TOTP in your account admin, you are asked to provision an application (usually a mobile phone app) in order to generate authentication codes. Popular applications include:
Security
If you find any potential security vulnerabilities, please follow our published security policy. Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers.
IRC livechat hours
Warehouse developers will be in IRC, in #pypa-dev on Freenode, and available to talk about problems you run into, or about how to hack on Warehouse:
Tuesday Feb 27th: 1700 UTC / noon-1pm EST
Tuesday Feb 27th: 2300 UTC / 6pm-7pm EST
Thursday March 1st: 1700 UTC / noon-1pm EST
Thursday March 1st: 2300 UTC / 6pm-7pm EST
Feel free to drop in!
Notice
We're working hard on nearly every aspect of the Warehouse codebase to get it ready for production deployment and are shipping features nearly every day, so check back and maybe even try using https://pypi.org for your maintainer activities full time. Due to the rate of change some errors, downtime, and outright broken features may occur. We have some automated reporting of the scenarios in place, but let us know!
Reminder! Sign up for the PyPI Announcement Mailing List to be kept in the loop as we continue this process!
Contact us
Security issues: email security @ python dot org
GitHub for all other bug reports & feature requests:https://github.com/pypa/warehouse/issues/new
IRC: #pypa-dev on Freenode (someone's usually there 10am-5pm Central Time on weekdays, or come to the livechat hours)
Email: pypa-dev mailing list
Thank you for testing Warehouse! You're helping us launch sooner and future users of PyPI will appreciate it.