Andres? What I'm suggesting is to bring back requirements for **minimal** version of 3rd party lib
В письме от 1 февраля 2014 14:36:05 пользователь Taras написал: > Andres, > > When I talked about packaging problem I meant problems with supported > versions of e.g. python libs for current popular distros. Consider we have > e.g. some Debian/Ubuntu distro and want to package/install w3af from > official repo. w3af from feature/package branch requires lxml version > exactly 2.3.2, but supported and packaged version of lxml for Ubuntu 13.10 > is 3.2.0! > > $ apt-cache show python-lxml > Package: python-lxml > Priority: optional > Section: python > Installed-Size: 2390 > Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> > Original-Maintainer: Matthias Klose <d...@debian.org> > Architecture: amd64 > Source: lxml > Version: 3.2.0-1 > > Because of that you can't simply make and provide w3af thought official > repo. No one package maintainer will support several packaged minor > versions of single lib.And for the end user there is only one way to > install and use w3af. It is virtualenv + git clone :( > > > > 1. It makes impossible to package&install w3af, e.g. into deb package, > > > doesn't it? > > > > That's a good question, I'm not packaging expert but I suppose there > > is a solution? Also I suppose that this was an issue in the past, > > > > without the specific version requirement? Lets follow this timeline: > > * (assume) w3af is packaged in debian. Requires extra package > > > > python-pdfminer-v1. No check for specific version of any pip package. > > > > * foo is another debian package. Requires extra package > > > > python-pdfminer-v2 * User installs w3af: apt-get install w3af > > > > * Run w3af, it works > > * User installs foo: apt-get install foo > > > > - Command will warn that it will break the w3af install? (not > > > > sure, not a packaging expert) > > > > - Command will succeed and replace python-pdfminer-v1 with > > > > python-pdfminer-v2 > > > > * Run foo, it works > > * Run w3af, it fails because now python-pdfminer-v2, which changes > > > > the API is installed > > > > > 2. If w3af requires 3rd party A version 1 and another application on the > > > system also requires 3rd party A but version 1.1, how it will be solved > > > by > > > the user? > > > > First, lets understand that this was an issue in the past too, right? > > > > You can always use virtualenv: > > $ virtualenv w3af-venv > > $ . w3af-venv/bin/activate > > (w3af-venv)$ cd w3af-repo > > (w3af-venv)/w3af-repo$ ./w3af_console > > (w3af-venv)/w3af-repo$ pip install ... > > > > All the packages are installed inside the w3af-venv directory, and > > while your prompt says "w3af-venv" you're using that specific python > > > > Regards, > > > > > В письме от 29 января 2014 19:03:23 пользователь Andres Riancho написал: > > >> Taras, > > >> > > >> Added that because it is the best thing to do. Search the mailing > > >> > > >> list for the issue we had with pdfminer, what happen there was: > > >> * w3af had a requirement for pdfminer, any version > > >> * w3af worked without issues with version 1 of that library > > >> * The pdfminer developers released version 2 of that library > > >> * People trying to install w3af, and because the requirement > > >> > > >> didn't had any specific version installed pdfminer like "pip install > > >> pdfminer" > > >> > > >> * w3af stopped working because pdfminer changed its API, and > > >> > > >> one of the functions we were calling wasn't there anymore > > >> > > >> * Fix> Add specific version matching for pip packages > > >> > > >> On Wed, Jan 29, 2014 at 5:46 PM, Taras <ox...@oxdef.info> wrote: > > >> > I was wrong...I have working **master** branch :( > > >> > > > >> > Andres, why did you add requirement for **exact** match of versions > > >> > in > > >> > 'feature/module' branch? > > >> > > > >> > $ grep -B5 'version matches' > > >> > w3af/core/controllers/dependency_check/dependency_check.py > > >> > > > >> > for w3af_req in pip_packages: > > >> > if USE_PIP_MODULE: > > >> > dependency_specs = w3af_req.package_name, > > >> > w3af_req.package_version > > >> > > > >> > for dist in pip_distributions: > > >> > if (dist.project_name, dist.version) == > > dependency_specs: > > >> > # It's installed and the version matches! > > >> > > > >> > ... > > >> > > > >> > В письме от 26 января 2014 14:39:14 пользователь Taras написал: > > >> >> Israel, I have working "feature/module" version of w3af on 13.10 > > >> >> What problems do you have? > > >> >> > > >> >> В письме от 22 января 2014 21:53:48 пользователь Andres Riancho > > написал: > > >> >> > Israel, > > >> >> > > > >> >> > Haven't tried with that specific version, but what's wrong with: > > >> >> > git clone g...@github.com:andresriancho/w3af.git > > >> >> > cd w3af > > >> >> > git checkout feature/module > > >> >> > ./w3af_console > > >> >> > > > >> >> > On Wed, Jan 22, 2014 at 6:00 PM, Israel Duvdavan > > >> >> > > > >> >> > <israelzero...@gmail.com> wrote: > > >> >> > > Hi, does anyone have a working way to install W3af on 13.10? > > >> >> > > -- > > >> >> > > Israel > > >> >> > > > > >> >> > > ---------------------------------------------------------------- > > >> >> > > -- > > >> >> > > --- > > >> >> > > --- > > >> >> > > -- > > >> >> > > ---- CenturyLink Cloud: The Leader in Enterprise Cloud Services. > > >> >> > > Learn Why More Businesses Are Choosing CenturyLink Cloud For > > >> >> > > Critical Workloads, Development Environments & Everything In > > >> >> > > Between. > > >> >> > > Get a Quote or Start a Free Trial Today. > > >> >> > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140 > > >> >> > > /o > > >> >> > > stg > > >> >> > > .cl > > >> >> > > kt > > >> >> > > rk _______________________________________________ > > >> >> > > W3af-develop mailing list > > >> >> > > W3af-develop@lists.sourceforge.net > > >> >> > > https://lists.sourceforge.net/lists/listinfo/w3af-develop > > >> > > > >> > -- > > >> > Taras > > >> > https://www.oxdef.info > > > > > > -- > > > Taras > > > https://www.oxdef.info -- Taras https://www.oxdef.info ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
