Log file Viewer

[19:51:22] <Arfrever> jaraco: Is there a reason why setup.py of setuptools has "certifi==0.0.8" instead of just "certifi"? (Currently the newest version of certifi is 1.0.1.)

[19:51:54] <jaraco> Arfrever: you'd have to ask pje. I suspect he pinned the version for performance reasons.

[19:52:07] <jaraco> I suspect it's safe to pin it to a more recent version.

[19:52:17] <jaraco> Though I'd investigate what the difference between 1.0.0 and 0.0.8 is.

[19:53:09] <jaraco> As for leaving the version unpinned, I wouldn't recommend that unless certifi advertises some guarantees about their versions and compatibility.

[19:54:32] <dstufft> certifi is only some .pem certs

[19:54:42] <dstufft> it doesn't have any meaningful code

[19:55:02] <dstufft> the reason it's pinned to 0.0.8 I suspect is so it can use the md5 hash in the dependency links

[19:55:20] <jaraco> I'm sure dstufft is right.

[19:55:27] <dstufft> setuptools should be tracking certifi though, becuae 0.0.8 is old and contains stuff that is untrusted now

[19:57:06] <Arfrever> dstufft: By the way, do you have ability to add me (Arfrever) to pypa group in github? (I am in pypa group in bitbucket.)

[19:57:54] <dstufft> Arfrever: I have no idea if I can do that or not

[19:58:28] <dstufft> I'm decompressing like 100gigs of log files atm

[19:58:42] <dstufft> so my IO is starved and everything is jerky

[20:08:27] <jaraco> https://bitbucket.org/pypa/setuptools/issue/162/update-dependency-on-certifi

[22:11:30] <pmxbot> b'test'

[22:17:36] <dstufft> someones trying out Python3

[22:57:17] <jaraco> it was me. I'm trying to get bitbucket notifications working.

[22:57:25] <jaraco> But I'm finding post requests are not reaching the bot.

[22:57:30] <jaraco> https://support.atlassian.com/browse/BBS-8421