Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-04-05 Thread Dieter Maurer
Chris Withers wrote at 2009-4-2 20:36 +0100:
 ...
 Personally, I evaluate such eggs in a sandbox, and then add them to the
 project-specific index once I'm sure that they work with the other
 software in the index:  I don't use PyPI at all when building out
 production sites.

That seems overly heavyweight for the average new user.

no, sorry, you can't use Zope 2.12 with anything other than what it 
comes with unless you get your own egg repository running

The egg-repository can be a virtualenv (or even the site-packages
of a standard Python installation).



-- 
Dieter
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-04-03 Thread Chris Withers
Tres Seaver wrote:
 Personally, I evaluate such eggs in a sandbox, and then add them to the
 project-specific index once I'm sure that they work with the other
 software in the index:  I don't use PyPI at all when building out
 production sites.
 That seems overly heavyweight for the average new user.

 no, sorry, you can't use Zope 2.12 with anything other than what it 
 comes with unless you get your own egg repository running
 
 Who is talking about an average new user? 

We're talking about the standard was of doing things, that encompasses 
the average user. I don't see how the setup you describe can work unless 
every user runs their own egg server...

 new stuff:  it sucks as the basis for a repeatable build environment.

I think that's a little harsh, if you use buildout and a locked down 
versions section all you have to worry about is PyPI being down when you 
don't have the eggs in a local buildout cache.

Chris

-- 
Simplistix - Content Management, Zope  Python Consulting
- http://www.simplistix.co.uk
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-04-03 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chris Withers wrote:
 Tres Seaver wrote:
 Personally, I evaluate such eggs in a sandbox, and then add them to the
 project-specific index once I'm sure that they work with the other
 software in the index:  I don't use PyPI at all when building out
 production sites.
 That seems overly heavyweight for the average new user.

 no, sorry, you can't use Zope 2.12 with anything other than what it 
 comes with unless you get your own egg repository running
 Who is talking about an average new user? 
 
 We're talking about the standard was of doing things, that encompasses 
 the average user. I don't see how the setup you describe can work unless 
 every user runs their own egg server...

That wasn't what I said:  the Personally part was a pretty clear
signal that I was being descriptive of my practices, and not
prescriptive for others'.

 new stuff:  it sucks as the basis for a repeatable build environment.
 
 I think that's a little harsh, if you use buildout and a locked down 
 versions section all you have to worry about is PyPI being down when you 
 don't have the eggs in a local buildout cache.

No, you also have to worry about people removing eggs you formerly
installed, or uploading new versions without changing the version
number, or uploading new, backwards-compatibility-breaking versions,
etc.  *Nothing* about getting an egg from PyPI is repeatable.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ1k76+gerLs4ltQ4RAtXtAJ9fyMa0g6rB2dJN9soxwEvQ1Vho+gCdHvJw
vDbs6CIqAYfvvDgdJm7Vrdc=
=fRRq
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-04-02 Thread Chris Withers
Tres Seaver wrote:
 Chris Withers wrote:
 Tres Seaver wrote:
 -BEGIN PGP SIGNED MESSAGE-
 I mean an index which supplies the 'simple' PyPI interface, such that we
 could tell people to 'easy_install' from it, e.g.:

  $ /path/to/bin/easy_install -i http://kgs.zope.org/Zope2/2.1.2
 But how do you then set things up when you want to use other eggs that 
 are only available on PyPI? Surely as soon as you add PyPI as an egg 
 source, things go belly up?
 
 Personally, I evaluate such eggs in a sandbox, and then add them to the
 project-specific index once I'm sure that they work with the other
 software in the index:  I don't use PyPI at all when building out
 production sites.

That seems overly heavyweight for the average new user.

no, sorry, you can't use Zope 2.12 with anything other than what it 
comes with unless you get your own egg repository running

:-S

Chris

-- 
Simplistix - Content Management, Zope  Python Consulting
- http://www.simplistix.co.uk
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-04-02 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chris Withers wrote:
 Tres Seaver wrote:
 Chris Withers wrote:
 Tres Seaver wrote:
 -BEGIN PGP SIGNED MESSAGE-
 I mean an index which supplies the 'simple' PyPI interface, such that we
 could tell people to 'easy_install' from it, e.g.:

  $ /path/to/bin/easy_install -i http://kgs.zope.org/Zope2/2.1.2
 But how do you then set things up when you want to use other eggs that 
 are only available on PyPI? Surely as soon as you add PyPI as an egg 
 source, things go belly up?
 Personally, I evaluate such eggs in a sandbox, and then add them to the
 project-specific index once I'm sure that they work with the other
 software in the index:  I don't use PyPI at all when building out
 production sites.
 
 That seems overly heavyweight for the average new user.
 
 no, sorry, you can't use Zope 2.12 with anything other than what it 
 comes with unless you get your own egg repository running

Who is talking about an average new user?  I'm talking about the my
revenue stream depends on this application working professional (me),
and the best practices I use.  PyPI is *great* as a tool for discovering
new stuff:  it sucks as the basis for a repeatable build environment.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ1SLO+gerLs4ltQ4RAln1AJ9+8seP2utgjOS9/McNpGrMmuUPNwCfXyZD
ROqI32MHvjjLfqZrVaotr1U=
=SdaM
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-23 Thread Chris Withers
Tres Seaver wrote:
 -BEGIN PGP SIGNED MESSAGE-
 I mean an index which supplies the 'simple' PyPI interface, such that we
 could tell people to 'easy_install' from it, e.g.:
 
  $ /path/to/bin/easy_install -i http://kgs.zope.org/Zope2/2.1.2

But how do you then set things up when you want to use other eggs that 
are only available on PyPI? Surely as soon as you add PyPI as an egg 
source, things go belly up?

cheers,

Chris

-- 
Simplistix - Content Management, Zope  Python Consulting
- http://www.simplistix.co.uk
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-23 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chris Withers wrote:
 Tres Seaver wrote:
 -BEGIN PGP SIGNED MESSAGE-
 I mean an index which supplies the 'simple' PyPI interface, such that we
 could tell people to 'easy_install' from it, e.g.:

  $ /path/to/bin/easy_install -i http://kgs.zope.org/Zope2/2.1.2
 
 But how do you then set things up when you want to use other eggs that 
 are only available on PyPI? Surely as soon as you add PyPI as an egg 
 source, things go belly up?

Personally, I evaluate such eggs in a sandbox, and then add them to the
project-specific index once I'm sure that they work with the other
software in the index:  I don't use PyPI at all when building out
production sites.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJx9js+gerLs4ltQ4RAq1mAKCrscWzKCJCooVfL6/CjPguFmv9eQCgnBAv
FxnNYPtf7G5NSl3NkFMQQ8Q=
=3OO6
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-16 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andreas Jung wrote:
 On 16.03.2009 4:52 Uhr, Tres Seaver wrote:
 Andreas Jung wrote:
 On 15.03.2009 18:42 Uhr, Tres Seaver wrote:
  Original Message 
 Subject: [Bug 343079] [NEW] Broken distribution (2009-03-15)
 Date: Sun, 15 Mar 2009 07:42:00 -
 From: dmaurer die...@handshake.de
 Reply-To: Bug 343079 343...@bugs.launchpad.net
 To: tsea...@palladion.com
 References: 20090315074200.12457.19313.malone...@potassium.ubuntu.com
 Public bug reported:
 The current (2009-03-12) PyPI distribution for Zope2 2.12.0a1 is broken.
 'easy_install'ing it leads to version conflicts for 'zope.component'
 (3.5.1 versus 3.6.0) in the call of 'mkzopeinstance'.
 ** Affects: zope2
  Importance: Undecided
  Status: New
 The breakage is due to the release of the new zope.prinipalregistry egg.
 We should probably manage a Zope2 indes and tell people to use it when
 running easy_install, because PyPI is not suitable for the task given
 setuptools' incremental requirements discovery design.
 Easy_installing the a1 sdist should behave like using buildout since
 the versions within the sdist are pinned as well. It actually worked
 at the time of the a1 release. I don't understand right now why we get
 this failure.
 I don't see any pinning at all here:
 
  http://svn.zope.org/Zope/tags/2.12.0a1/setup.py?rev=97288view=auto
 
 
 Please look at the getPackages() method taking the version*cfg files
 into account. So all versions should be pinned. However there is
 obviously a difference between using buildout with pinned versions
 and setuptools or a small undetected hole in the process.

The issue must be that one of the pinned dependencies
(zope.publisher?) has an unpinned dependency (maybe transitively?) which
 requires a newer version of zope.component.

 This kind of issue was the source of my contentiont that released
 versions should ship with exact pins of the egg versions (the full
 transitive closure):  it should at least be possible to generate a
 'Zope2-exact' distribution which provides a known good installation,
 even it a 'Zope2-upgradable' distribution might be better for some people.
 
 
 The other option, as I said earlier, is to maintain an index for each
 release branch of Zope2, and populate it only with eggs which have
 been tested not to break the upgrade.  We could specify that index in
 the install docs, and maybe even in the 'setup.cfg' of the package.

 I hope we can discuss and resolve remaining  issues during PyCon.

Maybe generating indexes from the varios known good metadata we are
already maintaining would be the right path.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJvnyA+gerLs4ltQ4RAiZ2AKCZ8KW2700uFQMQgX/UWggBfXo4pQCglqMV
O2wVPbaBQzLjFLj/RW7AsuY=
=4Lix
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-16 Thread Hanno Schlichting
Tres Seaver wrote:
 Andreas Jung wrote:
 Please look at the getPackages() method taking the version*cfg files
 into account. So all versions should be pinned. However there is
 obviously a difference between using buildout with pinned versions
 and setuptools or a small undetected hole in the process.
 
 The issue must be that one of the pinned dependencies
 (zope.publisher?) has an unpinned dependency (maybe transitively?) which
  requires a newer version of zope.component.

What I think is more likely to have happened here is:

An additional package (like one under development) was installed first.
This depends on some zope.foo package (maybe zope.publisher) which wants
zope.component 3.6. setuptools goes and fetches the latest version of
all of these. Now later on the Zope2 egg is put into the environment and
requires zope.component 3.5.1 - result VersionConflict.

Setuptools loads packages and puts them into the environment as it finds
them. It doesn't build a full tree of dependencies first. This is what
pip adds for example.

Unless you have a KGS or any kind of version restrictions for everything
from the start, you will always run into these problems. Managing exact
versions inside setup.py doesn't work.

Hanno

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-16 Thread Andreas Jung
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16.03.2009 17:40 Uhr, Hanno Schlichting wrote:
 Tres Seaver wrote:
 Andreas Jung wrote:
 Please look at the getPackages() method taking the version*cfg files
 into account. So all versions should be pinned. However there is
 obviously a difference between using buildout with pinned versions
 and setuptools or a small undetected hole in the process.
 The issue must be that one of the pinned dependencies
 (zope.publisher?) has an unpinned dependency (maybe transitively?) which
  requires a newer version of zope.component.
 
 What I think is more likely to have happened here is:
 
 An additional package (like one under development) was installed first.
 This depends on some zope.foo package (maybe zope.publisher) which wants
 zope.component 3.6. setuptools goes and fetches the latest version of
 all of these. Now later on the Zope2 egg is put into the environment and
 requires zope.component 3.5.1 - result VersionConflict.

Not sure about this theory - I can reproduce the version mismatch with
an almost plain Python 2.5 installation - especially it is reproducable
within a virtualenv --no-site-package environment. On the other hand: I
can not reproduce this error on my Linux box with a Python 2.4
installation with pretty large site-packages dir :-


 
 Setuptools loads packages and puts them into the environment as it finds
 them. It doesn't build a full tree of dependencies first. This is what
 pip adds for example.

pip produces the same result.

Andreas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkm+h60ACgkQCJIWIbr9KYypHACcCtI1h5fwXO9RFq1gO28J9rQr
Y/4AnifSSIuNRHW6Chim7KRxOvtWZvL3
=fpxY
-END PGP SIGNATURE-
begin:vcard
fn:Andreas Jung
n:Jung;Andreas
org:ZOPYX Ltd.  Co. KG
adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany
email;internet:i...@zopyx.com
title:CEO
tel;work:+49-7071-793376
tel;fax:+49-7071-7936840
tel;home:+49-7071-793257
x-mozilla-html:FALSE
url:www.zopyx.com
version:2.1
end:vcard

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-16 Thread Andreas Jung
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16.03.2009 17:21 Uhr, Tres Seaver wrote:


 
 Maybe generating indexes from the varios known good metadata we are
 already maintaining would be the right path.


By index you refer to a KGS or a release-specific directory containing
the blessed packages under a well-known URL?

Andreas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkm+iAgACgkQCJIWIbr9KYx9xwCeNWqIvhGfMh28R581ATADz/5w
48YAnRQ9Z31JXSYJNkhx7X0e75eQV4v0
=+xc2
-END PGP SIGNATURE-
begin:vcard
fn:Andreas Jung
n:Jung;Andreas
org:ZOPYX Ltd.  Co. KG
adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany
email;internet:i...@zopyx.com
title:CEO
tel;work:+49-7071-793376
tel;fax:+49-7071-7936840
tel;home:+49-7071-793257
x-mozilla-html:FALSE
url:www.zopyx.com
version:2.1
end:vcard

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-16 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andreas Jung wrote:
 On 16.03.2009 17:21 Uhr, Tres Seaver wrote:
 
 
 Maybe generating indexes from the varios known good metadata we are
 already maintaining would be the right path.
 
 
 By index you refer to a KGS or a release-specific directory containing
 the blessed packages under a well-known URL?

I mean an index which supplies the 'simple' PyPI interface, such that we
could tell people to 'easy_install' from it, e.g.:

 $ /path/to/bin/easy_install -i http://kgs.zope.org/Zope2/2.1.2



Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJvo8M+gerLs4ltQ4RAisvAJ9vhbRfcyci7TQ6oqKKVhOdNt5wjwCdG5Y+
Z64Gd55VZmu51eoOnCju0x4=
=7hDp
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-16 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hanno Schlichting wrote:
 Tres Seaver wrote:
 Andreas Jung wrote:
 Please look at the getPackages() method taking the version*cfg files
 into account. So all versions should be pinned. However there is
 obviously a difference between using buildout with pinned versions
 and setuptools or a small undetected hole in the process.
 The issue must be that one of the pinned dependencies
 (zope.publisher?) has an unpinned dependency (maybe transitively?) which
  requires a newer version of zope.component.
 
 What I think is more likely to have happened here is:
 
 An additional package (like one under development) was installed first.
 This depends on some zope.foo package (maybe zope.publisher) which wants
 zope.component 3.6. setuptools goes and fetches the latest version of
 all of these. Now later on the Zope2 egg is put into the environment and
 requires zope.component 3.5.1 - result VersionConflict.

This error is reproducible in a fresh virtualenv.

 Setuptools loads packages and puts them into the environment as it finds
 them. It doesn't build a full tree of dependencies first. This is what
 pip adds for example.

Right:  this is what I was calling the incremental dependency
discovery bit in setuptlools.

 Unless you have a KGS or any kind of version restrictions for everything
 from the start, you will always run into these problems. Managing exact
 versions inside setup.py doesn't work.

A Zope2-specific index supplies the same need.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
`
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJvqID+gerLs4ltQ4RApHjAJ9Im+Y3dntzdcBxFj9SIEuBBwrBRACgpnuK
D0vVs+7dYWSB+3/My5yeRyg=
=wQey
-END PGP SIGNATURE-

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-15 Thread Andreas Jung
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 15.03.2009 18:42 Uhr, Tres Seaver wrote:
 
 
  Original Message 
 Subject: [Bug 343079] [NEW] Broken distribution (2009-03-15)
 Date: Sun, 15 Mar 2009 07:42:00 -
 From: dmaurer die...@handshake.de
 Reply-To: Bug 343079 343...@bugs.launchpad.net
 To: tsea...@palladion.com
 References: 20090315074200.12457.19313.malone...@potassium.ubuntu.com
 
 Public bug reported:
 
 The current (2009-03-12) PyPI distribution for Zope2 2.12.0a1 is broken.
 'easy_install'ing it leads to version conflicts for 'zope.component'
 (3.5.1 versus 3.6.0) in the call of 'mkzopeinstance'.
 
 ** Affects: zope2
  Importance: Undecided
  Status: New
 
 
 The breakage is due to the release of the new zope.prinipalregistry egg.
 We should probably manage a Zope2 indes and tell people to use it when
 running easy_install, because PyPI is not suitable for the task given
 setuptools' incremental requirements discovery design.

Easy_installing the a1 sdist should behave like using buildout since
the versions within the sdist are pinned as well. It actually worked
at the time of the a1 release. I don't understand right now why we get
this failure.

Andreas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkm9RBQACgkQCJIWIbr9KYzK8wCfTCix3juYl/LyIXLLDBuRBe9A
q+sAoJa7dNY/Vwq1eorS5vSXxmDkb+xw
=Cg9D
-END PGP SIGNATURE-
begin:vcard
fn:Andreas Jung
n:Jung;Andreas
org:ZOPYX Ltd.  Co. KG
adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany
email;internet:i...@zopyx.com
title:CEO
tel;work:+49-7071-793376
tel;fax:+49-7071-7936840
tel;home:+49-7071-793257
x-mozilla-html:FALSE
url:www.zopyx.com
version:2.1
end:vcard

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-15 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andreas Jung wrote:
 On 15.03.2009 18:42 Uhr, Tres Seaver wrote:
 
  Original Message 
 Subject: [Bug 343079] [NEW] Broken distribution (2009-03-15)
 Date: Sun, 15 Mar 2009 07:42:00 -
 From: dmaurer die...@handshake.de
 Reply-To: Bug 343079 343...@bugs.launchpad.net
 To: tsea...@palladion.com
 References: 20090315074200.12457.19313.malone...@potassium.ubuntu.com
 
 Public bug reported:
 
 The current (2009-03-12) PyPI distribution for Zope2 2.12.0a1 is broken.
 'easy_install'ing it leads to version conflicts for 'zope.component'
 (3.5.1 versus 3.6.0) in the call of 'mkzopeinstance'.
 
 ** Affects: zope2
  Importance: Undecided
  Status: New
 
 
 The breakage is due to the release of the new zope.prinipalregistry egg.
 We should probably manage a Zope2 indes and tell people to use it when
 running easy_install, because PyPI is not suitable for the task given
 setuptools' incremental requirements discovery design.
 
 Easy_installing the a1 sdist should behave like using buildout since
 the versions within the sdist are pinned as well. It actually worked
 at the time of the a1 release. I don't understand right now why we get
 this failure.

I don't see any pinning at all here:

 http://svn.zope.org/Zope/tags/2.12.0a1/setup.py?rev=97288view=auto

This kind of issue was the source of my contentiont that released
versions should ship with exact pins of the egg versions (the full
transitive closure):  it should at least be possible to generate a
'Zope2-exact' distribution which provides a known good installation,
even it a 'Zope2-upgradable' distribution might be better for some people.

The other option, as I said earlier, is to maintain an index for each
release branch of Zope2, and populate it only with eggs which have
been tested not to break the upgrade.  We could specify that index in
the install docs, and maybe even in the 'setup.cfg' of the package.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJvczs+gerLs4ltQ4RAjnqAKDHjP2hnJvkEwxiXVYBVwHzSe7x7wCbBnkQ
/fc3lmFuTV2lXOby+8s1sfA=
=3H9B
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] [Fwd: [Bug 343079] [NEW] Broken distribution (2009-03-15)]

2009-03-15 Thread Andreas Jung
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16.03.2009 4:52 Uhr, Tres Seaver wrote:
 Andreas Jung wrote:
 On 15.03.2009 18:42 Uhr, Tres Seaver wrote:
 
  Original Message 
 Subject: [Bug 343079] [NEW] Broken distribution (2009-03-15)
 Date: Sun, 15 Mar 2009 07:42:00 -
 From: dmaurer die...@handshake.de
 Reply-To: Bug 343079 343...@bugs.launchpad.net
 To: tsea...@palladion.com
 References: 20090315074200.12457.19313.malone...@potassium.ubuntu.com
 Public bug reported:
 The current (2009-03-12) PyPI distribution for Zope2 2.12.0a1 is broken.
 'easy_install'ing it leads to version conflicts for 'zope.component'
 (3.5.1 versus 3.6.0) in the call of 'mkzopeinstance'.
 ** Affects: zope2
  Importance: Undecided
  Status: New
 
 The breakage is due to the release of the new zope.prinipalregistry egg.
 We should probably manage a Zope2 indes and tell people to use it when
 running easy_install, because PyPI is not suitable for the task given
 setuptools' incremental requirements discovery design.
 Easy_installing the a1 sdist should behave like using buildout since
 the versions within the sdist are pinned as well. It actually worked
 at the time of the a1 release. I don't understand right now why we get
 this failure.
 
 I don't see any pinning at all here:
 
  http://svn.zope.org/Zope/tags/2.12.0a1/setup.py?rev=97288view=auto
 

Please look at the getPackages() method taking the version*cfg files
into account. So all versions should be pinned. However there is
obviously a difference between using buildout with pinned versions
and setuptools or a small undetected hole in the process.


 This kind of issue was the source of my contentiont that released
 versions should ship with exact pins of the egg versions (the full
 transitive closure):  it should at least be possible to generate a
 'Zope2-exact' distribution which provides a known good installation,
 even it a 'Zope2-upgradable' distribution might be better for some people.


 The other option, as I said earlier, is to maintain an index for each
 release branch of Zope2, and populate it only with eggs which have
 been tested not to break the upgrade.  We could specify that index in
 the install docs, and maybe even in the 'setup.cfg' of the package.

I hope we can discuss and resolve remaining  issues during PyCon.

Andreas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkm96JYACgkQCJIWIbr9KYwwUgCfa9WNM94Q0J6bHKyjTWeeox94
wP8An0ZVHB6wrp0MyZ2ZbvlEWbFFtEK3
=tVTH
-END PGP SIGNATURE-
begin:vcard
fn:Andreas Jung
n:Jung;Andreas
org:ZOPYX Ltd.  Co. KG
adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany
email;internet:i...@zopyx.com
title:CEO
tel;work:+49-7071-793376
tel;fax:+49-7071-7936840
tel;home:+49-7071-793257
x-mozilla-html:FALSE
url:www.zopyx.com
version:2.1
end:vcard

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )