View source for a package, powered by attestations #17122
Labels
Comments
simonw
added
feature request
requires triaging
|
... hah, it turns out I requested this exact same feature six years ago! |
Seems like you want a shortcut to the upstream repository at the commit where the file was published, not what quite what was requested in #5118 (inspect package contents of what has been published to PyPI).
This was discussed in #17072 (comment) and is included as a task in #17001, so I think this should probably be considered a duplicate of that issue. |
|
Closing as a duplicate of #17001. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What's the problem this feature will solve?
I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.
Describe the solution you'd like
Right now I can do this but it's a bunch of clicks. I can start here: https://pypi.org/project/llm-mistral/#llm_mistral-0.8-py3-none-any.whl - where I see this:
If I click that link through to Sigstore I get this: https://search.sigstore.dev/?logIndex=149649835
I can then construct this URL on GitHub using that information:
https://github.com/simonw/llm-mistral/tree/f590da389e96cfea6980d340ee524622677dc0c3
And that gives me the ability to browse the exact source code I'll get when I use
pip install ...to get that wheel.The text was updated successfully, but these errors were encountered: