Add full content on blog RSS #13815


Merged
merged 4 commits into from
Jun 1, 2023

osantana
Contributor

@osantana osantana commented May 31, 2023

I made an experiment changing the configuration of the RSS feed generation to include the whole content of the posts (#13812). Apparently pretty_print: true was responsible for the weird RSS.

It looks like the results are fine with my newsreader (NetNewsWire):

Screenshot 2023-05-31 at 6 47 16 AM

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <title>The Python Package Index</title>
        <description>The official blog of the Python Package Index</description>
        <link>http://0.0.0.0:7000/</link>
        <atom:link href="http://0.0.0.0:7000/feed_rss_created.xml" rel="self"
            type="application/rss+xml" />
        <docs>https://github.com/pypi/warehouse</docs>
        <language>en-None</language>
        <pubDate>Wed, 31 May 2023 09:38:11 -0000</pubDate>
        <lastBuildDate>Wed, 31 May 2023 09:38:11 -0000</lastBuildDate>
        <ttl>1440</ttl>
        <generator>MkDocs RSS plugin - v1.7.0</generator>
        <image>
            <url>https://blog.pypi.org/assets/logo.png</url>
            <title>The Python Package Index</title>
            <link>http://0.0.0.0:7000/</link>
        </image>
        <item>
            <title>Reducing Stored IP Data in PyPI</title>
            <author>Mike Fiedler</author>
            <category>security</category>
            <category>transparency</category>
            <description>&lt;div class=&#34;blogging-tags-grid&#34;&gt; &lt;a
                href=&#34;http://0.0.0.0:7000/tags#security&#34;
                class=&#34;blogging-tag&#34;&gt;&lt;code&gt;#security&lt;/code&gt;&lt;/a&gt; &lt;a
                href=&#34;http://0.0.0.0:7000/tags#transparency&#34;

... [cut] ...

               for reading!&lt;/p&gt;&lt;hr&gt;&lt;p&gt;&lt;em&gt;Mike Fiedler is a PyPI
                administratorand maintainer of the Python Package Index since
                2022.&lt;/em&gt;&lt;/p&gt;</description>
            <link>http://0.0.0.0:7000/posts/2023-05-26-reducing-stored-ip-data/</link>
            <pubDate>Fri, 26 May 2023 15:00:00 +0000</pubDate>
            <source url="http://0.0.0.0:7000/feed_rss_created.xml">The Python Package Index</source>
            <guid isPermaLink="true">http://0.0.0.0:7000/posts/2023-05-26-reducing-stored-ip-data/</guid>
        </item>
        <item>
            <title>Securing PyPI accounts via Two-Factor Authentication</title>
            <author>Donald Stufft</author>
            <category>2fa</category>
            <category>security</category>
            <description>&lt;div class=&#34;blogging-tags-grid&#34;&gt; &lt;a
                href=&#34;http://0.0.0.0:7000/tags#security&#34;
                class=&#34;blogging-tag&#34;&gt;&lt;code&gt;#security&lt;/code&gt;&lt;/a&gt; &lt;a
                href=&#34;http://0.0.0.0:7000/tags#2fa&#34;

... [cut] ...

                denying them access to their account.[^3]: For end users it forces them to purchase
                some kind of hardware token &lt;em&gt;OR&lt;/em&gt; to use some sort of TOTP
                application. In both cases it forces them to keep track of something else besides
                their password and changes the login flow from what they are used to. For PyPI it
                increases the chance that someone may get locked out of their account, requiring
                intervention by administrators.[^4]: Not for nothing, but PyPI is also an Open
                Source project, run largely by volunteers, and cleaning up after a compromise on
                PyPI is something that affects those volunteers significantly.&lt;/p&gt;</description>
            <link>http://0.0.0.0:7000/posts/2023-05-25-securing-pypi-with-2fa/</link>
            <pubDate>Thu, 25 May 2023 00:00:00 +0000</pubDate>
            <source url="http://0.0.0.0:7000/feed_rss_created.xml">The Python Package Index</source>
            <guid isPermaLink="true">http://0.0.0.0:7000/posts/2023-05-25-securing-pypi-with-2fa/</guid>
        </item>
        <item>
            <title>PyPI was subpoenaed</title>
            <author>Ee Durbin</author>
            <category>compliance</category>
            <category>transparency</category>
            <description>&lt;div class=&#34;blogging-tags-grid&#34;&gt; &lt;a
                href=&#34;http://0.0.0.0:7000/tags#transparency&#34;
                class=&#34;blogging-tag&#34;&gt;&lt;code&gt;#transparency&lt;/code&gt;&lt;/a&gt;
                &lt;a href=&#34;http://0.0.0.0:7000/tags#compliance&#34;
                class=&#34;blogging-tag&#34;&gt;&lt;code&gt;#compliance&lt;/code&gt;&lt;/a&gt;

... [cut] ...

                QUESTION}&#39;;&lt;/code&gt;&lt;/p&gt;&lt;hr&gt;&lt;p&gt;&lt;em&gt;Ee Durbin is the
                Director of Infrastructure atthe Python Software Foundation.They have been
                contributing to keeping PyPI online, available, andsecure since
                2013.&lt;/em&gt;&lt;/p&gt;</description>
            <link>http://0.0.0.0:7000/posts/2023-05-24-pypi-was-subpoenaed/</link>
            <pubDate>Wed, 24 May 2023 13:12:00 +0000</pubDate>
            <source url="http://0.0.0.0:7000/feed_rss_created.xml">The Python Package Index</source>
            <guid isPermaLink="true">http://0.0.0.0:7000/posts/2023-05-24-pypi-was-subpoenaed/</guid>
        </item>
        <item>
            <title>Removing PGP from PyPI</title>
            <author>Donald Stufft</author>
            <category>security</category>
            <description>&lt;div class=&#34;blogging-tags-grid&#34;&gt; &lt;a
                href=&#34;http://0.0.0.0:7000/tags#security&#34;
                class=&#34;blogging-tag&#34;&gt;&lt;code&gt;#security&lt;/code&gt;&lt;/a&gt;
                &lt;/div&gt;&lt;style&gt; .md-typeset .blogging-tags-grid { display: flex;

... [cut] ...

                was present but had since expired.[^3]: We use meaningfully verified to mean that
                the signature was valid and the key that made it was not expired and had binding
                identify information that could tell us if this key was the correct key.&lt;/p&gt;</description>
            <link>http://0.0.0.0:7000/posts/2023-05-23-removing-pgp/</link>
            <pubDate>Tue, 23 May 2023 00:00:00 +0000</pubDate>
            <source url="http://0.0.0.0:7000/feed_rss_created.xml">The Python Package Index</source>
            <guid isPermaLink="true">http://0.0.0.0:7000/posts/2023-05-23-removing-pgp/</guid>
        </item>
    </channel>
</rss>

@osantana osantana requested a review from a team as a code owner May 31, 2023 09:56
@miketheman miketheman added the blog Related to the Blog label May 31, 2023
@miketheman
Member

Looks like the built RSS has some issues, possibly due to the way we author posts.

See https://validator.w3.org/feed/check.cgi?url=https%3A%2F%2Fblogpypiorg--13815.org.readthedocs.build%2Ffeed_rss_created.xml

@osantana
Contributor Author

> Looks like the built RSS has some issues, possibly due to the way we author posts.

Yep. The W3C validator is 'pickier' than it should be 🙂 But, anyway, let's try to address the issues.

  1. Invalid email address: Mike Fiedler: According to these links, we should put at least one e-mail address at the <author> tag. I am 👎 to fix this because the lack of this e-mail address won't break any reader (this tag is not expected to be parsed by the clients) and adding an e-mail address will only provide an address to be spammed.
  2. Self reference doesn't match document location: The rel="self" reference is broken because it is pointing to the "official" URL: <atom:link href="https://blog.pypi.org/feed_rss_created.xml" rel="self" type="application/rss+xml"/> . So, it is not something to be fixed.
  3. description should not contain style tag: This one is hard to fix 😕 It is probably something that needs to be fixed in Guts/mkdocs-rss-plugin 😕 Most of the clients I used entirely ignore these tags to avoid security issues.
  4. description should not contain relative URL references: this is also hard to fix. It is likely something that also needs to be fixed at Guts/mkdocs-rss-plugin. But, as item 3, I tested several clients and all of them generated the right link to the target page.
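
The validator findings in items 3 and 4 above (style tags and relative URL references inside description) can be checked locally against a built feed. This is an added example, not code from the PR or from mkdocs-rss-plugin; the sample feed, the flagged-tag list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample feed for illustration (not the feed built by this PR).
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example blog</title>
<item><title>Post A</title>
<description>&lt;style&gt;.x { display: flex; }&lt;/style&gt;&lt;p&gt;See
&lt;a href="/tags#security"&gt;#security&lt;/a&gt;&lt;/p&gt;</description></item>
<item><title>Post B</title>
<description>&lt;p&gt;&lt;a href="https://example.org/posts/b/"&gt;ok&lt;/a&gt;&lt;/p&gt;</description></item>
</channel></rss>"""

# Assumption: tags worth flagging in embedded HTML; adjust to your own policy.
FLAGGED_TAGS = {"style", "script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src"}

class DescriptionAuditor(HTMLParser):
    """Collects flagged tags and relative URL references from item HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in FLAGGED_TAGS:
            self.findings.append(("tag", tag))
        for name, value in attrs:
            # No scheme means a reader must guess the base URL.
            if name in URL_ATTRS and value and not urlparse(value).scheme:
                self.findings.append(("relative-url", value))

def audit_description(html_text):
    auditor = DescriptionAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

def audit_feed(xml_text):
    """Map each item title to its findings. Run on feeds you build yourself."""
    root = ET.fromstring(xml_text)
    return {
        item.findtext("title", default="(untitled)"):
            audit_description(item.findtext("description", default=""))
        for item in root.iter("item")
    }

if __name__ == "__main__":
    for title, findings in audit_feed(SAMPLE_FEED).items():
        print(title, findings or "clean")
```
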

@miketheman miketheman enabled auto-merge (squash) June 1, 2023 15:47
@miketheman miketheman linked an issue Jun 1, 2023 that may be closed by this pull request
@miketheman
Member

Thanks @osantana !

@miketheman miketheman merged commit 1043822 into pypi:main Jun 1, 2023