The [https://fedoraproject.org/wiki/Packaging:Python#Example_common_spec_file "Example common spec file"] still uses plain HTTP urls. pypi supports HTTPS these days so I think we should recommend that as well.
Also the [https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org/thread/BA4EGMVMHQJEZFEBDT2MZXXTS5MZVQT2/ pypi download urls changed] recently so the example should reflect that as well.
Yes, we know pypi has changed, but so far nobody has provided a draft we could use for updating the guidelines. I note that you have selected the component "Guideline Draft" but... where's the draft?
Replying to [comment:1 tibbs]:
Well I assumed that the change was so trivial that no formal draft was necessary :-)
I see that you updated the example spec to use HTTPS. Do you still need a formal draft to update the source url to {{{https://files.pythonhosted.org/packages/source/e/%{srcname}/%{srcname}-%{version}.tar.gz}}}?
I don't know; is that the proper, accepted stable location that whoever made the crazy decision to change pypi expects us to use now?
The point is, for a quick change you at least need to tell us what needs to be done instead of what is being done now. Saying "it's wrong; see why somewhere in this thread" is not useful. Saying "you should use this; this is why; here are references and info to back that up" is far more useful.
I'm also seeing:
https://pypi.io/packages/source/p/%{srcname}/%{srcname}-%{version}.tar.gz
Since I'm here with a pile of python devs here at flock, I asked which I should use and was told that files.pythonhosted.org is "guaranteed" to provide stable URLs. So I've gone ahead and written those in.
I will go ahead and announce since it's mildly confusing.
Announcement text:
Corrected the suggest source URL for tarballs hosted on pypi to use https://files.pythonhosted.org.
I also wrote a short paragraph into the SourceURL document so that this isn't missed.
Login to comment on this ticket.