On 2014-06-14 14:25:02 + (+), Jason R. Coombs wrote:
[...]
I’ve removed all versions of Setuptools 4.x and closed that
branch. [...] Please use Setuptools 3.8.1 or later.
[...]
Are most of the PyPI mirror tools out there smart enough to remove
packages which have been deleted from PyPI?
that problem:
http://git.openstack.org/cgit/stackforge/bindep/tree/README.rst
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
users of old pip
won't automatically pull down in an upgrade so we don't have to rely
on the current hack (which I agree is really just abusing unintended
behavior differences between older and newer pip versions), until a
majority of the ecosystem has stopped running with 1.4.
--
Jeremy Stanley
.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
packaging channel then that can only be a
positive net effect in my opinion.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
. Also in some cases I see files autogenerated from VCS
metadata to avoid double-entry... things like change histories,
authors lists, documentation indices, and even version numbers.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG
(as is the case for the vast majority of our packages, which are
sourced from PyPI), then we want the Debian package to use tarballs.
[...]
Refreshing to hear!
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https
as well?
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
this week (depending on what direction we end up
going for embedded Git SHAs in unreleased dev sdist/wheel version
strings).
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
writing the integration tooling for it)
intent to continue to follow standards set by that community.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
')
[...]
This was basically why OpenStack/PBR opted not to switch to using an
LVI to encapsulate Git SHA details in unreleased dev version
strings (instead we've now moved to putting them into egg-info and
providing a separate tool to query that).
--
Jeremy Stanley
that this was identified years ago and has a
pending feature request looking for people pitching in on
implementation. It's perhaps better discussed at
https://github.com/pypa/pip/issues/988 so as to avoid too much
repetition.
--
Jeremy Stanley
___
Distutils-SIG
and setuptools, but list does not.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
leases were flawed.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
to assume that 100% of projects have test
suites. More accurately, 75% either have no tests _or_ keep them
outside the package. ;)
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
environment markers with something like
;python_version='3.3' (which really needs setuptools 17.1 or later
to interpret it correctly).
http://pythonhosted.org/setuptools/history.html#id5
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
seeing it in later
releases, a detailed bug report would be most appreciated since
that's not at all the intent.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
they really need to be viewed as separate and
distinct release artifacts now.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
tack was impacting uploads) the transition has very gone
smoothly (some 50+ releases so far). Thrilled to see Warehouse
coming along!
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
Debian derivatives,
less so on all those "other" distros).
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
le sdist from the raw
source tree.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
we can publish detached
signatures along with our release artifacts so I would probably just
ignore the PyPI/twine-specific part of the work if this goes away.
[*]
http://specs.openstack.org/openstack-infra/infra-specs/specs/artifact-signing.html
--
Jeremy S
t-pip.py). Also whenever possible, we instead rely on pip
install within virtualenvs _without_ --system-site-packages, so that
there's no risk of interaction with any Python libraries that might
somehow get subsequently installed on the system.
--
Jeremy Stanley
___
irtualenv
into its own virtualenv, like:
virtualenv foo
foo/bin/pip install -U pip setuptools virtualenv
foo/bin/virtualenv myenv
Doing that on some systems where I'm forced to start from
distro-provided pip/setuptools/virtualenv has worked ou
ported by Setuptools since 0.7, and directly in requirements
lists since pip 6.0.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
take several
days to populate.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
ndency problems. (NB: I'm not in favor of that either, just
nudging an example in the reductio ad absurdum direction.)
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
you need to
change out parts of a running daemon without restarting the process,
but you really need a lot of extra care to get out of contexts
utilizing the modules being reloaded if you want the replacements to
actually be used.
--
Jeremy Stanley
___
Dist
is splitting
their Python-using packages along some arbitrary line of "is it a
system component?" vs. "is it a user-facing application?" which is
probably tractable given the (relatively) limited number of packages
in their distribution. I can't fathom how to go
n a
relatively minimal boilerplate setup.py which loads its setuptools
entrypoint), but does allow you to basically abstract away most
common configuration into declarative setup.cfg and requirements.txt
files (similar to some of the pyproject.toml use cases Donald et al
have for PEP 51
on information from tags, change logs
from the commit history, contributor lists from commit authorship).
The metadata in question is lost by just blindly tarring up tracked
files, so needs some mechanism to export and inject as untracked
files (from the source revision control perspective) for in
o there's
no good way for PyPI to know what dependencies each package has.
PEP 518 aims to solve this eventually:
https://www.python.org/dev/peps/pep-0518/
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python
those back via an API method, I expect
coverage across packages in general would be fairly low today. It
might be sufficient if sticking with some popular subset of packages
though.
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@pyth
On 2017-07-20 21:09:28 -0400 (-0400), John Thorvald Wodder II wrote:
> [Sending to the list this time]
>
> On 2017 Jul 20, at 12:41, Jeremy Stanley <fu...@yuggoth.org> wrote:
> > So while it might be possible to add some sort of feature
> > to inspect wheels at upload
ssages keeps the invalid bug reports to
a manageable minimum.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
ool for each
of these roles.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
m just as likely to
write a new lightweight API client instead so I can have something
auditable I can trust my credentials to which only knows how to
upload.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG ma
pect the VCS metadata at sdist creation time. It would be
unfortunate to lose such flexibility in whatever hook implementation
we end up with.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SI
ents to bespoke automation
(at least for some I maintain, and I'm pretty sure there are plenty
more out there too).
--
Jeremy Stanley
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
community around it is sensitive to gender diversity issues and
wants to avoid acquiring more of a "brogrammer" image, so some of us
worry that any conspicuous TOML files checked into revision control
repositories could be seen as a tacit endorsement of the author's
alleged behavior
L has a lot more
flexibility over configparser's classic loader.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
ust/031315.html
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
ial reasons as much as
anything.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
are drawn from requirements.txt instead).
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
se came from, and while I'm curious to know which change(s)
this was it's probably off-topic for this ML.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mail
signed sdists too it wouldn't have been much help to us anyway.
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
n code for successful uploading to a
devpi instance to be indicative of whether PyPI will accept or
reject on the grounds of, e.g., invalid trove classifiers (this one
in particular has been the most common preventable but otherwise
untestable upload failure our community encounters).
--
Jeremy St
stand-alone linting utility or maybe a flake8 plug-in (particularly
if it vendored a copy of the classifiers list and included an
option/flag to skip downloading).
--
Jeremy Stanley
signature.asc
Description: Digital signature
___
Distutils-SIG maillist
Python version my projects intend to support plus the
most recent alpha/beta/rc for the next unreleased Python 3.x, though
I'll admit that keeping up with the various build-deps and
compile-time optimizations for each of them is mildly time-consuming
(as is bootstrapping a new dev env
ur CI system to using a caching proxy
because of this.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mm3/mailman3/lists/distutils-si
On 2018-09-04 11:40:17 -0500 (-0500), Dustin Ingram wrote:
> On Tue, Sep 4, 2018 at 11:33 AM Jeremy Stanley wrote:
> >
> > Yes. If you haven't tried running a mirror of PyPI lately you're
> > likely not to have noticed, but the various nightly builds for
> > tensorf
s about an old feature where pip tries to use a clean copy
> of the source directory for the build.
[...]
Ahh, yes, apologies! I had incorrectly assumed the new build
environment isolation was also going to have changes to build
directory isolation.
--
Jeremy Stanley
signature.asc
Description: P
ve
https://github.com/pypa/pip/issues/2195 is probably relevant, if
you're looking for an example.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/m
s and random versions of system
libraries, the problem might look similar for the Windows ecosystem
as well. That Windows is a commercial product legally available
strictly in precompiled binary form from only one source is what
mostly saves it from this particular bit of fun.
--
Jeremy Stanley
signature.as
ere are true. The sha256sum
utility says
6e4eec90337e849ade7103723b9a99631c1f0d19990d6e8412dc42f5ae8b304d
while the sha1sum utility says
3547552b1009283f7ae31fded32ad33ed160e671. Make note that one is a
SHA2-256 checksum while the other is a SHA1 checksum.
--
Jeremy Stanley
signature.asc
Desc
rectly sign (a hash of) the
package file rather than merely signing (a hash of) its checksum.
Either way you're relying on the strength of your signing
implementation, so also having to rely on the strength of the
checksum is just added potential weakness and complexity.
--
Jeremy Stanley
signatu
e time, and so easier instead to
replace it with a more modern alternative and move on with your
life.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org
s of any algorithm, as it makes it
difficult for someone who does understand the differences to take us
seriously.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@pytho
examples as if they have anything
whatsoever to do with checksumming, but I'm quickly getting the
distinct impression you don't actually know the difference so I'll
stop now as we've gone well off-topic for this list.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mail
uot;To contact the list owners, use the following
email address: distutils-sig-ow...@python.org" (though as a
moderator/owner of lots of mailman listservs myself, I would half
expect anything you send there will get lost in a sea of @qq.com
spam).
--
Jeremy Stanley
signature.asc
Descrip
ame. But those of us who still use
E-mail (and worse, Usenet) eventually need to get out of the way of
the wheels of progress lest they run us over.
Many thanks to those who have maintained, moderated, and
collaborated through this list over the years. It has been much
appreciated.
--
Jeremy Stan
ipants to get involved?
[...]
Maybe. But as I've seen in many other communities, discussions start
organically in a variety of places and platforms, and are rarely
constrained by community consensus "recommendations" of venue.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distuti
effort just to cater to my personal
workflows. Discourse is not to my taste, but de gustibus non est
disputandum.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.o
On 2020-07-30 12:16:17 + (+), Jeremy Stanley wrote:
[...]
> I'll be less likely to find out tidbits like Setuptools 20.3 in
> October turning on the new dep solver
[...]
Er, clearly I meant pip. ;)
Also thanks for sending an update about it to the pypi-announce ML
just now!
--
don't
build it themselves nor install it directly (unless maybe using
commercial operating systems which don't ship it by default).
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le..
s E-mail-only interaction with Discuss working well
for others?
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mailman3/lists/distutils-sig.pyt
e (e.g. for annotating their
version output).
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Mess
ething based
on the number of commits on the branch since the last tag, embedding
abbreviated Git commit IDs, or whatever).
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python
ject.toml support before 19.0).
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at
et. For example
the current Debian stable release provides pip 18.1, and the
next-most-recent Ubuntu LTS (18.04) provides 9.0.1.
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@
Hub issues, which
are an even worse substitute for a mailing list), so it'll have to
do.
Thanks for all your hard work as a ML moderator over the years, and
to everyone else who made this list great!
--
Jeremy Stanley
signature.asc
Description: PGP signature
--
Distutils-SIG mailing list -- distut
71 matches
Mail list logo