Python bindings HOWTO proof reader request

Tobias Mueller muelli at cryptobitch.de
Thu Mar 15 15:50:46 CET 2018


Hi.

On Fri, 2018-03-16 at 00:00 +1100, Ben McGinnes wrote:
> I'd appreciate some fresh eyes proof reading it before I merge it with
> master.  The full thing, in org-mode format, is here:
> 
> https://files.gnupg.net/file/data/ossmg4ung2hcpyyuks6j/PHID-FILE-xgbofmytge7fzn3u5kuc/GPGMEpythonHOWTOen.org
Cool, thanks.

Can you elaborate on this paragraph:

   Most third-party Python packages and modules are available and
   distributed through the Python Package Installer, known as PyPI.

   Due to the nature of what these bindings are and how they work, it
   is infeasible to install the GPGME Python bindings in the same way.

Without any further explanation I consider the argument to be weak.
What's the nature and how is it different from all the other binary
packages on PyPI?

These days, with Python manylinux wheels it's much easier to distribute
your package along with the dependencies.
And libgpgme should be the only dependency, right? Shipping that as part
of the gpg package on PyPI would make its adoption easier. Users may
have a compatible version of gpg installed, because other packages
require gpg or even libgpgme. But not necessarily the Python bindings.
And having these installed by your distribution is not necessarily an
option, although really only current Ubuntu stable comes to my mind.
Telling the users now to install everything needed to compile something
against your local Python version is not as nice as having a manylinux
wheel of gpgme that just works.
If we're taking Ubuntu stable out of the equation, we still might want
users on slow distros to take advantage of a newer python-gpg version.
Maybe one that doesn't crash on 32-bit. Having a wheel there might help.

> I'm more interested in being sure that the example code works (it
> should, I was running it as I was writing the thing) and that the
> corresponding text descriptions actually help to clarify what's going
> on in that code.
In the "Key certification" section, I'd appreciate the "expires_in =
2764800" in the example to be more accessible. What is this magic
number?

I notice that there are no sections about getting keys in and out. For a
tool building on OpenPGP that might be an important thing.


Cheers,
  Tobi


