On 18/12/2018 15:00, Joni Orponen wrote:
On Tue, Dec 18, 2018 at 3:43 PM Tzu-ping Chung <uranu...@gmail.com> wrote:
Paul has described the technical details behind this phenomenon, but
to be more explicit: it is not pip that breaks older packages, but the
new PyPI server (pypi.org instead of the old pypi.python.org) that does.
So no, there is not a legacy mode in pip. Furthermore, you won’t be
able to install the package now, even if you have the old pip version.
well luckily for me clicking on the download link did in fact produce a tar zip so that at least allow me to install this defunct
package.
The only way to overcome this is to find the original package, and
either upload it to PyPI, or serve it yourself on your own server.
I can do the last, but surely only the package owner can upload the tar zip.
When dealing with legacy setups, buildout still has most of the required
machinery to make arcane things tick. If the file still exists, buildout
can be configured to follow the links via explicit whitelisting of
acceptable sources (and many a links of the bitrot variety are still
available through being a tad lucky through archive.org - pre-stdlib
inclusion elementtree eggs are a fine example of this).
http://www.buildout.org/en/latest/reference.html#buildout-configuration-options
The real solution is to dive in to maintain the package barely enough to
upload a new release to PyPI, though.
so little time :( sigh
I accept that the fcrypt issue is not a pip problem, but perhaps there's another related to the _vendor included version of
pyopenssl. One of the recovered environments needed to install pyOpenSSL==16.0.0, but when that occurred it seems as though pip
18.1 breaks due to an incompatibility in the site-packages/OpenSSL that is then imported by
site-packages/_vendor/urllib3/contrib/pyopenssl.py
In the end the answer is to upgrade the environment's pyopenessl so that pip can at least work. I'm not exactly sure why there's a
_vendor (this is ubuntu 18.04.1 LTS) thing, but it shouldn't be importing from a wrong/different OpenSSL.
--
Robin Becker
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mm3/mailman3/lists/distutils-sig.python.org/
Message archived at
https://mail.python.org/archives/list/distutils-sig@python.org/message/AT5MEAERTLZFQV7URX4XR5EZBUHXWH5B/
