Andres, Sorry for delayed reply.
> Not sure if I'm understanding your point. > > * The pdfminer issue occurred because we had this requirement: > pdfminer (no version requirement) > * If we specify something like: pdfminer>=3, then we're fine until > they release version 4 which breaks their API and w3af breaks Breaking of API is unusual and infrequent case in normal software. In another case it will break current package system ideology in Linux distros. Just try to find e.g. in Ubuntu repository package with such strict dependencies. It will be difficult task! > * If we specify the version: pdfminer==3, then we're fine for ever. Yes, we're fine, but **who** and **how** will be able to install and use w3af? Virtualenv is not solution for the end user. Only for development. > >> В письме от 1 февраля 2014 14:36:05 пользователь Taras написал: >>> Andres, >>> >>> When I talked about packaging problem I meant problems with supported >>> versions of e.g. python libs for current popular distros. Consider we have >>> e.g. some Debian/Ubuntu distro and want to package/install w3af from >>> official repo. w3af from feature/package branch requires lxml version >>> exactly 2.3.2, but supported and packaged version of lxml for Ubuntu 13.10 >>> is 3.2.0! >>> >>> $ apt-cache show python-lxml >>> Package: python-lxml >>> Priority: optional >>> Section: python >>> Installed-Size: 2390 >>> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> >>> Original-Maintainer: Matthias Klose <d...@debian.org> >>> Architecture: amd64 >>> Source: lxml >>> Version: 3.2.0-1 >>> >>> Because of that you can't simply make and provide w3af thought official >>> repo. No one package maintainer will support several packaged minor >>> versions of single lib.And for the end user there is only one way to >>> install and use w3af. It is virtualenv + git clone :( >>> >>>>> 1. It makes impossible to package&install w3af, e.g. into deb package, >>>>> doesn't it? >>>> >>>> That's a good question, I'm not packaging expert but I suppose there >>>> is a solution? Also I suppose that this was an issue in the past, >>>> >>>> without the specific version requirement? Lets follow this timeline: >>>> * (assume) w3af is packaged in debian. Requires extra package >>>> >>>> python-pdfminer-v1. No check for specific version of any pip package. >>>> >>>> * foo is another debian package. Requires extra package >>>> >>>> python-pdfminer-v2 * User installs w3af: apt-get install w3af >>>> >>>> * Run w3af, it works >>>> * User installs foo: apt-get install foo >>>> >>>> - Command will warn that it will break the w3af install? (not >>>> >>>> sure, not a packaging expert) >>>> >>>> - Command will succeed and replace python-pdfminer-v1 with >>>> >>>> python-pdfminer-v2 >>>> >>>> * Run foo, it works >>>> * Run w3af, it fails because now python-pdfminer-v2, which changes >>>> >>>> the API is installed >>>> >>>>> 2. If w3af requires 3rd party A version 1 and another application on the >>>>> system also requires 3rd party A but version 1.1, how it will be solved >>>>> by >>>>> the user? >>>> >>>> First, lets understand that this was an issue in the past too, right? >>>> >>>> You can always use virtualenv: >>>> $ virtualenv w3af-venv >>>> $ . w3af-venv/bin/activate >>>> (w3af-venv)$ cd w3af-repo >>>> (w3af-venv)/w3af-repo$ ./w3af_console >>>> (w3af-venv)/w3af-repo$ pip install ... >>>> >>>> All the packages are installed inside the w3af-venv directory, and >>>> while your prompt says "w3af-venv" you're using that specific python >>>> >>>> Regards, >>>> >>>>> В письме от 29 января 2014 19:03:23 пользователь Andres Riancho написал: >>>>>> Taras, >>>>>> >>>>>> Added that because it is the best thing to do. Search the mailing >>>>>> >>>>>> list for the issue we had with pdfminer, what happen there was: >>>>>> * w3af had a requirement for pdfminer, any version >>>>>> * w3af worked without issues with version 1 of that library >>>>>> * The pdfminer developers released version 2 of that library >>>>>> * People trying to install w3af, and because the requirement >>>>>> >>>>>> didn't had any specific version installed pdfminer like "pip install >>>>>> pdfminer" >>>>>> >>>>>> * w3af stopped working because pdfminer changed its API, and >>>>>> >>>>>> one of the functions we were calling wasn't there anymore >>>>>> >>>>>> * Fix> Add specific version matching for pip packages >>>>>> >>>>>> On Wed, Jan 29, 2014 at 5:46 PM, Taras <ox...@oxdef.info> wrote: >>>>>>> I was wrong...I have working **master** branch :( >>>>>>> >>>>>>> Andres, why did you add requirement for **exact** match of versions >>>>>>> in >>>>>>> 'feature/module' branch? >>>>>>> >>>>>>> $ grep -B5 'version matches' >>>>>>> w3af/core/controllers/dependency_check/dependency_check.py >>>>>>> >>>>>>> for w3af_req in pip_packages: >>>>>>> if USE_PIP_MODULE: >>>>>>> dependency_specs = w3af_req.package_name, >>>>>>> w3af_req.package_version >>>>>>> >>>>>>> for dist in pip_distributions: >>>>>>> if (dist.project_name, dist.version) == >>> >>> dependency_specs: >>>>>>> # It's installed and the version matches! >>>>>>> >>>>>>> ... >>>>>>> >>>>>>> В письме от 26 января 2014 14:39:14 пользователь Taras написал: >>>>>>>> Israel, I have working "feature/module" version of w3af on 13.10 >>>>>>>> What problems do you have? >>>>>>>> >>>>>>>> В письме от 22 января 2014 21:53:48 пользователь Andres Riancho >>> >>> написал: >>>>>>>>> Israel, >>>>>>>>> >>>>>>>>> Haven't tried with that specific version, but what's wrong >> with: >>>>>>>>> git clone g...@github.com:andresriancho/w3af.git >>>>>>>>> cd w3af >>>>>>>>> git checkout feature/module >>>>>>>>> ./w3af_console >>>>>>>>> >>>>>>>>> On Wed, Jan 22, 2014 at 6:00 PM, Israel Duvdavan >>>>>>>>> >>>>>>>>> <israelzero...@gmail.com> wrote: >>>>>>>>>> Hi, does anyone have a working way to install W3af on 13.10? >>>>>>>>>> -- >>>>>>>>>> Israel >>>>>>>>>> >>>>>>>>>> ---------------------------------------------------------------- >>>>>>>>>> -- >>>>>>>>>> --- >>>>>>>>>> --- >>>>>>>>>> -- >>>>>>>>>> ---- CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>>>> Critical Workloads, Development Environments & Everything In >>>>>>>>>> Between. >>>>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140 >>>>>>>>>> /o >>>>>>>>>> stg >>>>>>>>>> .cl >>>>>>>>>> kt >>>>>>>>>> rk _______________________________________________ >>>>>>>>>> W3af-develop mailing list >>>>>>>>>> W3af-develop@lists.sourceforge.net >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >>>>>>> >>>>>>> -- >>>>>>> Taras >>>>>>> https://www.oxdef.info >>>>> >>>>> -- >>>>> Taras >>>>> https://www.oxdef.info >> >> -- >> Taras >> https://www.oxdef.info > > > -- Taras https://www.oxdef.info ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
