Log file Viewer
#pypa logs for Monday the 2nd of March, 2015
[00:04:30] <dstufft> and the most obvious one tells you that you probably don't want it when you try to use it
[00:06:41] <mathieui> hg and git are not that much different, except hg needs plugins and custom configuration for many git features, and makes it less tempting to rewrite history
[00:07:31] <dstufft> agronholm: it's branch-ish, what you'd use patch queues for in mercurial I'd use a branch for in git
[00:07:37] <agronholm> I didn't even know about the history rewriting extension before someone educated me at last pycon
[00:07:53] <mathieui> it’s a very decent DVCS (especially when you take bzr into account), but I still prefer git because it’s “batteries included”
[00:10:41] <dstufft> is it deprecated? this page doens't say it is -> http://mercurial.selenic.com/wiki/TransplantExtension just that in newer Hg's you can use graft
[00:12:51] <dstufft> anyways, my point is that my experience with using Hg, is that when I want to do somehting, someone tells me to use an extension, and then I google it and there are like 2-4 options for what extension I want and I typically get annoyed at trying to evaluate them and just give up and use hg diff --git and patch files in my current directory to do things
[00:20:28] <dstufft> I think the primary reason why the meme that hg is easier to use but git is more powerful came from the early days before git had much porclean commands so it was all plumbing and because hg commands match existing VCS commands functionality better, whereas git commands match the git object model better
[12:05:50] <ronny> dstufft: im wondering, would it be acceptable to bundle setup_requires wheels inside of a sdist (i.e. setuptools, setuptools_scm and so on)
[17:26:30] <tdsmith> if a package wants to build python bindings for a thin x86_64 library on OS X on a universal (i386+x86_64) python, what should it do?
[18:00:40] <tdsmith> someone's asking homebrew if a library can always be a universal build so that their python module builds with system python (which is universal) and i'm wondering if they should just change how their python module is built
[18:10:10] <tdsmith> homebrew considers the request reasonable, for better or worse :) we try not to force users to depend on our versions of things to avoid the macportsian dilemma of having to rebuild perl every time you want to upgrade something
[22:16:32] <ronny> Ivo: why would it make them useless, you'd be shipping known good versions, no updates needed
[22:20:37] <nedbat> I am using "pip install -q --exists-action w -r requirements.txt", and a git link in the requirements.txt file will not update unless I uninstall the package first. I've tried bumping the version number in the referenced repo, doesn't help.
[22:21:12] <nedbat> the line in the requirements.txt file is: git+https://github.com/edx/edx-lint.git@c592557ecee8f2f1ef14ad984e1353f41aba0b47#egg=edx_lint
[22:22:11] <tos9> but yes, updates are like any other updates in pip, they don't do what you want / mean
[22:22:35] <ronny> i prefer makign a new release to fix things over having a existing release that worked as expected break automatically
[22:24:09] <Ivo> ronny: hopefully people making use of semantic versioning and proper use of ~= will fix most of that as well
[22:25:05] <nedbat> Ivo: ok, but if the requirements.txt had "some_package=1.2.3", and I had 1.1 installed, it would install 1.2.3 even without the --update, right?
[22:25:46] <Ivo> for example httplib2 doesn't really use semantic version, means we have to make sure it works right every new version we use with pip
[22:25:50] <ronny> nedbat: scm links are flaky - in particular with dvcs you have next to no way to figure ordering
[22:26:30] <Ivo> nedbat: you can also refer to a branch to install, or tag, instead of a particular commit, if you like
[22:26:44] <nedbat> tos9: well, -U is a big hammer: it applies to all the packages, and all their dependencies
[22:27:16] <Ivo> nedbat: no, the thing (and its version) you're installing is decided by its exact state at checkout, not what you want to specify
[22:29:03] <nedbat> Ivo: will that do what I want? Does pip assume the tag is a version number, and use it to decide to install?
[22:29:38] <Ivo> but anyway, if you don't want projects updating themselves willy-nilly, then restrict their versions
[22:30:34] <nedbat> Ivo: I'm trying to understand the logic pip uses to decide what a git url means, and when to install it.
[22:31:04] <tos9> nedbat: they're used for the case where pip clones, they just specify what to checkout.
[22:31:52] <ronny> nedbat: my personal oppinion is to never use git urls, instead using devpi and something like setuptools_scm in comibination
[22:32:19] <nedbat> ronny: that's something I'll look into. It won't get me past this bump right now though.
[22:32:20] <tos9> nedbat: persisted in the version information for comparison, it may be stored elsewhere
[22:32:45] <tos9> nedbat: I forget if pip does that (shows you commits) when you don't use -e -- does it, or are you using -e?
[22:33:04] <ronny> nedbat: so if the project in question doesnt have a scm aware setup.py, you get whatever was in there statially
[22:33:58] <ronny> nedbat: a setup.py that will ask the underlying scm for a version if possible and fallback to known metadata otherwise
[22:35:14] <tos9> if you have -e, you still keep the checkout, so theoretically pip could be more intelligent if you have -e yourrequirement in your requirements.txt
[22:35:55] <nanonyme> Eventually someone anyway forgets to bump the version number and then it's just a lie
[22:35:56] <tos9> but not "really" since you could have changed the repo yourself, so that seems kind of... hairy to me, I dunno.
[22:36:25] <nanonyme> ronny, well, everything that changes is built in separate Visual Studio projects and added to the Python packages as includes
[22:36:31] <nedbat> tos9: without -e, pip has the version (freeze shows it), and the git clone it makes from the url will have a version in the setup.py. There is enough information to install the right version.
[22:37:06] <nanonyme> tos9, you never end up having to backport bug fixes to customers for old versions?
[22:37:48] <nedbat> tos9: hmm, don't know why, I get the version, just as if I had installed from PyPI.
[22:38:09] <nanonyme> ronny, we use Python mostly as a tool to bind against C/C++ projects and writing test automation against them
[22:39:27] <ronny> nedbat: does your setup.py determine the version from static commited file or does your setup.py ask the scm?
[22:39:38] <tos9> nedbat: why :P? I'd prefer not doing network IO, and if I want network IO, I tell pip to upgrade
[22:40:07] <nedbat> tos9: ok, I'm looking for a middle ground between "maintain radio silence" and "upgrade everything everywhere"
[22:40:17] <tos9> anyways, I'm goign to shut up, because I think we all know what the parameters are at this point
[22:40:22] <ronny> nedbat: then that is what pip will see as version for all checkouts until you bump
[22:40:39] <tos9> nedbat: Yup. I don't htink there is a good solution for that other than recursive pinning, but maybe someone else does.
[22:40:44] <nedbat> ronny: well, except that using a git url, it doesn't seem to clone the repo to find the version string.
[22:41:01] <tos9> The real solution is for pip to grow actual upgrade, but that is limited by either dstufft's time or someone else doing it it sounds like
[22:42:04] <tos9> upgrade just the packages that changed versions, although if they specify new versions of deps, you have to do taht too, but not anything whose current version satisfies the new version's dep
[22:42:59] <tos9> nedbat: I say "actual upgrade" because to me this is the correct default, and not the crazy behavior we currently have
[22:43:40] <Ivo> nedbat: so had you tried https://github.com/edx/edx-lint.git@c592557ecee8f2f1ef14ad984e1353f41aba0b47#egg=edx_lint==0.2
[22:50:54] <Ivo> works exactly the same as a normal requirement from pypi, wont do upgrades unless you tell it to install a specific version not compatible with that that's already installed
[22:54:02] <dstufft> what we really need is for pip to understand the fact that there are more version constraints than exist in a current invocation
[22:55:44] <tos9> dstufft: aren't the sum total of those additional complaints the definition of "minimal install"?
[22:56:28] <Ivo> I think people wanting minimal installs haven't realised how much ruby & js managed to get right with semantic versioning
[22:57:47] <nedbat> Ivo: interestingly, that syntax doesn't seem to be mentioned on that page either...
[22:58:29] <tos9> Ivo: not in the least -- just find one of 3 separate jashkenas bug tickets where a version of underscore or another jashkenas project saw major breaking changes in minor releases.
[22:58:55] <tos9> it's a loose commitment that everyone should be making anyhow regardless of versioning scheme
[22:59:53] <tos9> Ivo: it isn't but packaging tools would treat it as such -- well unless they specifically don't, I don't know about what various tools do
[23:00:33] <Ivo> tos9: just last week there were minor scuffles in whether projects like backbone should switch to lodash because underscore was breaking stuff with minor versions bumps
[23:00:36] <nedbat> Ivo: my problem isn't so much with pinning, as not wanting to use the big -U hammer to get my latest git repo installed. But you gave me the right solution: a version number on the git url
[23:00:57] <tos9> I'm saying sem ver doesn't at all have anything to do with needing minimal install
[23:01:36] <Ivo> well I was talking about things going well when semantic versioning gets done right, you told me it was a lie and pointed out a project that happened to not follow it at all, so I'm pretty confused, that's a non-sequiter
[23:02:11] <tos9> specifically, if you pin with ~= or whatever on a sem ver project, you *still* need minimal install.
[23:02:13] <dstufft> tos9: the problem with a naive minimal upgrade is, what do you do when you need to upgrade your versions, but there are competing constraints, e.g. pip install --minimal-upgrade foo, where foo depends on bar>=1.0, but you have bar 0.8 installed, what most people want is that you upgrade bar to the latest version that matches the >=1.0 specifier, but what if you also have osmething else installed that also depends on bar, but it depends on bar <3
[23:02:43] <tos9> Ivo: Because sem ver has nothing to do with this. Minimal install is how you do "least risk" upgrades
[23:03:38] <Ivo> when you follow sem ver, and the projects you rely on do, you SPECIFY the risk in the version. So you specify your risk yourself, while doing a full upgrade
[23:04:01] <tos9> dstufft: personally I'd expect behavior that tries to satisfy all the constraints I guess
[23:05:13] <dstufft> you have Gemfile, which you record broad rangers (such as with ~>), when you do the deploy you generate a Gemfile.lock which pins you to ==, and then you can upgrade specific dependencies in the Gemfile.lock (but within the constraints of the Gemfile)
[23:05:23] <tos9> Ivo: "This is the level of risk" doesn't correspond with "and by the way, I want to incur that risk every time I want to upgrade some other thing"
[23:05:51] <tos9> Ivo: if someone releases another minor version, and you want to upgrade some other package (a major version say, or to a specific minor version), it is unacceptable to upgrade the first package, just because of semver
[23:06:11] <tos9> unless you specifically indicate that that's the behavior you want (and I know that's a thing, I think it's a bad one)
[23:07:05] <Ivo> which ofc used to be absolutely and unequivocally impossible, because everyone used version to mean different things
[23:08:48] <Ivo> and if you're complex enough, confliciting sub-dependency conflicts can hit you no matter which policy you like, they'll just hit you in a different manner
[23:09:57] <Ivo> tos9: upgrading the least things also means you get the least possible security updates. How are you specifying that risk?
[23:10:42] <dstufft> that communication is less useful for things like where you're doing something like deploying webapps, where you want to minimize the risk of a deploy breaking because of an unrelated thing updating
[23:12:12] <dstufft> (my point isn't that we don't need a better upgrade mechanism, just that inverting it from greedy to lazy won't actually solve the problem, it'll just shuffle deck chairs around until we get other pieces in that will make it work)
[23:12:46] <tos9> personally I don't care if it's different and the current one goes or different and the current one stays :P
[23:13:27] <dstufft> and typically the workflow people want is <do minimal upgrade>, pip freeze to update the requirements.txt
[23:13:48] <dstufft> I think to really make a good deployment story we need to rework the way we handle requirements.txt files
[23:13:56] <tos9> yeah, except requirements.txt conflates what I need with what this deployment has right now
[23:14:53] <dstufft> (I think I'm explaining this really poorly TBH. It's a sort of subtle issue and I have a hard time putting what I mean into words about it)