Log file Viewer

[02:33:56] <tchaypo> lifeless: you might remember a time a few months ago when i mentioned I was taking on paperwork duties, and your first response was to say you'd have to find someone else to pick up the work I was about to drop...

[02:34:19] <lifeless> yup

[02:34:34] <lifeless> tchaypo: you're going to say I was totally wrong?

[02:34:53] <tchaypo> I'd like to

[02:34:59] <tchaypo> But actually.

[02:35:47] <tchaypo> I'm saying that nakato has graciously added the setuptools-gets-sad-when-pbr-is-installed-partway-through-install thing

[02:36:11] <tchaypo> To her list of things that make her sad. She says it distracts her from the other things

[02:37:48] <lifeless> tchaypo: ok; its making lots of people sad :)

[14:10:55] <Ivo> how do apple manage to fuck up python even more than the distros lol

[14:14:28] <sigmavirus24> Ivo: because Apple?

[14:14:30] <sigmavirus24> =P

[14:14:58] <Ivo> you running multiple irc clients or smth

[14:17:49] <dstufft> python -m ensurepip works on Apple at least.

[14:26:42] <Ivo> how old is six 1.4.1 tho

[14:34:06] <Ivo> 2 years old

[14:34:28] <Ivo> apple managed to package 2 year old six with newest OSX

[14:34:35] <Ivo> wtf just stop using python

[16:45:21] <ErikRose> dstufft: I'm going to get the docs updated on my pip-hashing branch, and then I'll be ready for as much review as you (or jezdez?) can give me.

[16:46:34] <dstufft> ErikRose: sure

[17:46:40] <Ivo> dstufft: I think installing pip[scripts] might be cooler than pip-cli

[17:53:40] <dstufft> Ivo: well, it'd basically have to be implemented that way

[17:53:53] <dstufft> e.g. pip[scripts] woould just extras install pip-cli

[17:54:32] <Ivo> I think getting pip to ask to replace scripts would be simplest solution for now

[20:27:21] <dstufft> Ivo: I mean, that helps some of the situation, but it doesn't hardly solve all of it

[20:27:53] <Ivo> It solves a lot of the practical issues people come up against

[20:28:14] <Ivo> by "that" do you mean my couple sentences above or my post on the issue dstufft

[20:28:41] <dstufft> Ivo: the asking to replace scripts

[20:28:56] <dstufft> I just got back onto the computer, didn't really process your post yet

[20:29:23] <Ivo> well, probs easier to read that to get my full thoughts

[20:33:23] <dstufft> I got a massive migraine so not sure if I'll circle back around to that today or not

[20:33:36] <dstufft> it's a complex issue that requires careful though

[20:34:29] <Ivo> massive migraine sounds distastrous for thinking about stuff

[20:34:34] <Ivo> bl

[20:44:26] <Ivo> ErikRose: expand https://pip.pypa.io/en/stable/user_guide/#ensuring-repeatability ?

[20:44:34] <ErikRose> Oh, for starters and for sure

[20:45:04] <ErikRose> But I'm thinking of retiring the "just do pip freeze, and that's repeatable" alternative and replace it with hashes.

[20:45:20] <ErikRose> That's approach #1.

[20:45:33] <ErikRose> Approach #2 is the wheel bundle, right under that section.

[20:45:54] <ErikRose> I'm thinking of combining them both under Ensuring Repeatability and discussing the pros and cons of each.

[20:46:39] <dstufft> ah yea, one of the ideas behind the wheel bundle thing was providing an alternative to pip bindle since we removed that

[20:47:06] <ErikRose> Yeah, the main pro of that is you don't have to have the index server up.

[20:47:08] <dstufft> I don't have an opinion on what to do about it though

[20:47:23] <ErikRose> Actually, strike that #1/#2 dichotomy.

[20:47:42] <ErikRose> Once I get "pip wheel" supporting hashes, you can have both.

[20:47:59] <ErikRose> So, go as far as you like, either shuttling a bundle around or choosing not to.

[21:05:41] <ErikRose> Dang it, I just realized I never implemented pip hash.

[21:09:00] <Ivo> lolwut

[21:09:11] <Ivo> !m ErikRose

[21:09:11] <pmxbot> you're doing good work, ErikRose!

[21:09:20] <Ivo> :D

[21:09:20] <ErikRose> Thanks, pmxbot?

[21:10:01] <ErikRose> Yeah, I was going to have a nice "pip hash" command that'd spit out a sha256 digest of a local file, just for convenience.

[21:10:19] <ErikRose> Though I guess I made the error messages so good for pip install that it's not really vital for 1.0.

[21:10:36] <ErikRose> There'll always be one more thing to do. :-)

[21:14:38] <Ivo> wonder when 3.6 merge deadline closes

[21:14:45] <Ivo> could get sha3 in there

[21:15:05] <ErikRose> I thought sha1 was broken now, but it looks like it costs $2.7M to find a collision.

[21:15:58] <ErikRose> Okay, I guess that's enough for some people to recommend against using it for signatures anymore: https://en.wikipedia.org/wiki/SHA-2

[21:16:03] <ErikRose> wfm

[21:20:01] <ErikRose> It's weird that Hash Verification is within the Wheel Cache section. *moves*

[21:21:27] <ErikRose> Actually, I think that's just a mistake: somebody used the wrong underline chars for Wheel Cache.

[21:21:41] <ErikRose> fixed

[21:22:28] <ErikRose> Ah, actually, I bet Wheel Cache is supposed to be under Caching.

[21:31:25] <lifeless> yeah

[21:31:28] <lifeless> bah

[23:43:23] <ErikRose> Here's how I'm thinking of restructuring the "Repeatability" section: https://gist.github.com/erikrose/30e129d7368cd24809bc