pypi / warehouse

The Python Package Index
https://pypi.org
Apache License 2.0
3.6k stars, 967 forks

View source for a package, powered by attestations #17122

Open simonw opened 6 days ago

simonw commented 6 days ago

What's the problem this feature will solve?

I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.

Describe the solution you'd like

Right now I can do this but it's a bunch of clicks. I can start here: https://pypi.org/project/llm-mistral/#llm_mistral-0.8-py3-none-any.whl - where I see this:

Image

If I click that link through to Sigstore I get this: https://search.sigstore.dev/?logIndex=149649835

Image

I can then construct this URL on GitHub using that information:

https://github.com/simonw/llm-mistral/tree/f590da389e96cfea6980d340ee524622677dc0c3

And that gives me the ability to browse the exact source code I'll get when I use pip install ... to get that wheel.
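The four clicks above can be automated, since the two things that make up the final URL (the source repository URI and the commit the wheel was built from) are what search.sigstore.dev displays from the Fulcio signing certificate in the attestation's verification material. The following is an added example, not Warehouse's or simonw's code. It assumes the Fulcio extension OIDs 1.3.6.1.4.1.57264.1.12 (Source Repository URI) and 1.3.6.1.4.1.57264.1.13 (Source Repository Digest), each an OCTET STRING wrapping a DER UTF8String, as the Sigstore/Fulcio documentation describes; the DER blob it parses is constructed in the block to stand in for the real certificate's Extensions and carries only those two extensions, with the repository and commit from this issue as sample values. Stdlib only.

```python
"""Derive a "view source" URL for a PyPI wheel from the Fulcio certificate
extensions behind its attestation (added example, not Warehouse code)."""
import re

# Fulcio extension OIDs (assumed from the Sigstore/Fulcio spec, not from this issue).
OID_SOURCE_REPO_URI = "1.3.6.1.4.1.57264.1.12"
OID_SOURCE_REPO_DIGEST = "1.3.6.1.4.1.57264.1.13"


# ---- minimal DER encode/decode (enough for X.509 Extensions) ----
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der(tag, payload):
    return bytes([tag]) + _der_len(len(payload)) + payload


def der_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    body = [40 * parts[0] + parts[1]]
    for p in parts[2:]:            # base-128, high bit set on all but the last byte
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.insert(0, (p & 0x7F) | 0x80)
            p >>= 7
        body.extend(chunk)
    return der(0x06, bytes(body))


def der_utf8(s):
    return der(0x0C, s.encode("utf-8"))


def _read_tlv(buf, pos):
    """Return (tag, content, end) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    parts, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))


# ---- Extensions ::= SEQUENCE OF Extension  ->  {dotted OID: extnValue bytes} ----
def parse_extensions(ext_der):
    tag, body, _ = _read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF Extension")
    out, pos = {}, 0
    while pos < len(body):
        _, ext, pos = _read_tlv(body, pos)
        # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
        _, oid, p = _read_tlv(ext, 0)
        t, val, p = _read_tlv(ext, p)
        if t == 0x01:              # skip the optional 'critical' flag
            t, val, p = _read_tlv(ext, p)
        if t != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        out[decode_oid(oid)] = val
    return out


def fulcio_string(extn_value):
    """Fulcio (1.8+) stores each claim as a DER UTF8String inside the OCTET STRING."""
    tag, s, _ = _read_tlv(extn_value, 0)
    if tag != 0x0C:
        raise ValueError("Fulcio extension value is not a DER UTF8String")
    return s.decode("utf-8")


def source_url(ext_der, publisher_repo=None):
    """Build https://github.com/<owner>/<repo>/tree/<commit> from the certificate claims.

    publisher_repo, if given, is the 'repository' of the GitHub publisher object that
    PyPI's provenance API returns next to the attestation; it must match the certificate,
    otherwise the signing identity is not the project's trusted publisher.
    """
    exts = parse_extensions(ext_der)
    uri = fulcio_string(exts[OID_SOURCE_REPO_URI])
    digest = fulcio_string(exts[OID_SOURCE_REPO_DIGEST])
    m = re.fullmatch(r"https://github\.com/([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+)", uri)
    if not m:
        raise ValueError(f"not a GitHub source repository URI: {uri!r}")
    if not re.fullmatch(r"[0-9a-f]{40}", digest):
        raise ValueError(f"source digest is not a git SHA-1: {digest!r}")
    if publisher_repo and publisher_repo.lower() != f"{m[1]}/{m[2]}".lower():
        raise ValueError(f"publisher {publisher_repo!r} does not match certificate {uri!r}")
    return f"{uri}/tree/{digest}"


def build_extensions(uri, digest):
    """Constructed stand-in for a real Fulcio certificate's Extensions (only the two claims used here)."""
    def ext(oid, value):
        return der(0x30, der_oid(oid) + der(0x04, der_utf8(value)))
    return der(0x30, ext(OID_SOURCE_REPO_URI, uri) + ext(OID_SOURCE_REPO_DIGEST, digest))


if __name__ == "__main__":
    blob = build_extensions("https://github.com/simonw/llm-mistral",
                            "f590da389e96cfea6980d340ee524622677dc0c3")
    print(source_url(blob, publisher_repo="simonw/llm-mistral"))
```

Against a real file you would fetch the provenance object from PyPI's integrity API (`/integrity/<project>/<version>/<filename>/provenance`, per PEP 740), base64-decode `verification_material.certificate` from the attestation, and hand the certificate's Extensions to `parse_extensions` (a full X.509 parser such as `cryptography` is the sane way to get at them). The parser above only reads the claims; nothing here verifies the bundle. Verify the signature, the Rekor inclusion proof and that the signing identity is the project's trusted publisher first, otherwise a "view source" link derived from these fields is only as trustworthy as whoever produced the blob.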

simonw commented 6 days ago

... hah, it turns out I requested this exact same feature six years ago!

di commented 6 days ago

> I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.

Seems like you want a shortcut to the upstream repository at the commit where the file was published, not quite what was requested in #5118 (inspect package contents of what has been published to PyPI).

> I can then construct this URL on GitHub using that information:

This was discussed in https://github.com/pypi/warehouse/pull/17072#discussion_r1842267952 and is included as a task in https://github.com/pypi/warehouse/issues/17001, so I think this should probably be considered a duplicate of that issue.