Tutorial project 'Publish to PyPI, and let's see how the *Python Software Foundation* interprets consent GDPR-wise'
Project description
Publish to PyPI, and let's see how the Python Software Foundation interprets consent GDPR-wise
Context
PyPI was subpoenaed, especially point 6:
A synopsis of all IP Addresses for each username from previous records were shared. These were sourced from our database records and are private to PyPI.
- Hacker News discussion about this
- Who does the data protection law apply to?
- Does the GDPR apply to companies outside of the EU?
- When do the GDPR provisions apply to non-EU businesses?
Steps to reproduce
- Be in the European Union. No citizenship required.
- Create an account at https://pypi.org/account/register/ (archive.is English localization memento from 24 May 2023 20:25:43 UTC). Notice that you don't have to provide any explicit consent to any terms and conditions.
- Confirm verification e-mail. Notice it just contains a confirmation link, e.g.
https://pypi.org/account/verify-email/?token=eyJhY3Rpb24iOiJlbWFpbC12ZXJpZnkiLCJlbWFpbC5pZCI6IjEyMzQ1IiwiYWxnIjoiSFMyNTYifQ.YWJjZA.bB3cVvD2EnTZ7sOD7XNPnxv0xgl9Q3svmcDCG8UTR9Q.- The token parameter value is an unencrypted, HMACSHA256-signed JSON Web Token, in this example it provides the following information (try it out at https://jwt.io/):
// header
{
"action": "email-verify",
"email.id": "12345",
"alg": "HS256"
}
// payload
"abcd"
- Visit the Python Packaging Authority's (PyPA) pypa/sampleproject GitHub project page.
- Select Use this template and create your own fork, e.g. Abdull/gdpr.
- Adapt repository files, in particular pyproject.toml and README.md.
- Build:
# see https://packaging.python.org/en/latest/flow/
# see https://packaging.python.org/en/latest/tutorials/installing-packages/
# see https://packaging.python.org/en/latest/tutorials/packaging-projects/
# assuming Debian 11 bullseye in the following
# get ensurepip, Debian apt-way:
sudo apt install python3-venv
pip install --upgrade pip setuptools wheel build
# inside your project
python3 -m build
# on success, shall end with line
# Successfully built gdpr-1.0.0.tar.gz and gdpr-1.0.0-py3-none-any.whl
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
gdpr-1.0.0.tar.gz
(5.7 kB
view details)
Built Distribution
gdpr-1.0.0-py3-none-any.whl
(5.0 kB
view details)
File details
Details for the file gdpr-1.0.0.tar.gz.
File metadata
- Download URL: gdpr-1.0.0.tar.gz
- Upload date:
- Size: 5.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c367eed1827f8a2cf25eea22f12edd5c1ebef291788bccaf7e4b1e483f2df529 |
|
| MD5 | adfd372f6694d3f2ad100daf74216d30 |
|
| BLAKE2b-256 | eed6ba672bcb6dce55bebb920932eab2ed5e256eb2d11ecdb54f828667e3ced8 |
File details
Details for the file gdpr-1.0.0-py3-none-any.whl.
File metadata
- Download URL: gdpr-1.0.0-py3-none-any.whl
- Upload date:
- Size: 5.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c6856b144c0fdf5eb90aa918b7775adf8effb7421eb91d496ac8d6e4287e4f77 |
|
| MD5 | 46e35949a49f3469cc0a35432c5d61bd |
|
| BLAKE2b-256 | 37fd29b4aaeeb4bba6d180c7185293909128988f825652f14207f5b43d12711e |
