Tutorial project 'Publish to PyPI, and let's see how the *Python Software Foundation* interprets consent GDPR-wise'
Project description
Publish to PyPI, and let's see how the Python Software Foundation interprets consent GDPR-wise
Context
PyPI was subpoenaed, especially point 6:
A synopsis of all IP Addresses for each username from previous records were shared. These were sourced from our database records and are private to PyPI.
- Hacker News discussion about this
- Who does the data protection law apply to?
- Does the GDPR apply to companies outside of the EU?
- When do the GDPR provisions apply to non-EU businesses?
Steps to reproduce
- Be in the European Union. No citizenship required.
- Create an account at https://pypi.org/account/register/ (archive.is English localization memento from 24 May 2023 20:25:43 UTC). Notice that you don't have to provide any explicit consent to any terms and conditions.
- Confirm verification e-mail. Notice it just contains a confirmation link, e.g.
https://pypi.org/account/verify-email/?token=eyJhY3Rpb24iOiJlbWFpbC12ZXJpZnkiLCJlbWFpbC5pZCI6IjEyMzQ1IiwiYWxnIjoiSFMyNTYifQ.YWJjZA.bB3cVvD2EnTZ7sOD7XNPnxv0xgl9Q3svmcDCG8UTR9Q
.- The token parameter value is an unencrypted, HMACSHA256-signed JSON Web Token, in this example it provides the following information (try it out at https://jwt.io/):
// header
{
"action": "email-verify",
"email.id": "12345",
"alg": "HS256"
}
// payload
"abcd"
- Visit the Python Packaging Authority's (PyPA) pypa/sampleproject GitHub project page.
- Select Use this template and create your own fork, e.g. Abdull/gdpr.
- Adapt repository files, in particular pyproject.toml and README.md.
- Build:
# see https://packaging.python.org/en/latest/flow/
# see https://packaging.python.org/en/latest/tutorials/installing-packages/
# see https://packaging.python.org/en/latest/tutorials/packaging-projects/
# assuming Debian 11 bullseye in the following
# get ensurepip, Debian apt-way:
sudo apt install python3-venv
pip install --upgrade pip setuptools wheel build
# inside your project
python3 -m build
# on success, shall end with line
# Successfully built gdpr-1.0.0.tar.gz and gdpr-1.0.0-py3-none-any.whl
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
gdpr-1.0.0.tar.gz
(5.7 kB
view hashes)
Built Distribution
gdpr-1.0.0-py3-none-any.whl
(5.0 kB
view hashes)