Log file Viewer

[10:19:51] <ThiefMaster> any plans to release a fix for 20.2.1 that avoids breaking on requirements with spaces around the operators ('foo > 2.0' etc)?

[10:42:33] <ronny> ThiefMaster: is a issue reported?

[10:42:43] <ronny> jasons time is rather thin

[10:43:15] <ThiefMaster> https://bitbucket.org/pypa/setuptools/issues/502/packaging-164-does-not-allow-whitepace

[10:44:49] <ThiefMaster> it seems like the kind of issue where a fix should be pushed out ASAP. a rather harmless `pip install -U ipython` actually broke one of our production machines since ipython pulls in the latest version of setuptools, which in turn caused runtime requirement checks to fail on requirements with spaces

[10:44:50] <ronny> did someone fix it in packaging already?

[10:45:48] <ronny> ThiefMaster: im aware that it should be fixed promptly, but setuptools is currently entirely on volunteer time of one very busy man

[10:46:14] <ThiefMaster> what about taking down the release from pypi?

[10:46:31] <ThiefMaster> that way people at least won't get a version that's likely to break things

[10:46:45] <ronny> dstufft: can you do that in coordination with jason?

[10:51:39] <dstufft> do what

[10:52:39] <ronny> dstufft: block the most recent setuptools release on pypi, since its breaking requirements with spaces around operators due to a issue in latest packaging

[10:53:56] <dstufft> Jason can pull it down himself. I can't do it without abusing my admin privileges (though Jason would likely not be upset)

[10:55:03] <ronny> ThiefMaster: perhaps shoot jason a mail about it, but it might be until late night in the uk for him to be able to respond

[10:55:38] <ThiefMaster> i don't have his email address

[10:57:23] <dstufft> jaraco @ jaraco . com

[10:57:29] <ThiefMaster> and hm, since this is an issue that may break things for many people it sounds like a case where (ab)using admin privs would be appropriate.. anyway, for the future it seems like it'd be useful to have more people with "official" access to the package just in case

[10:57:33] <ThiefMaster> ok thanks, will send him an email

[11:38:48] <ronny> ThiefMaster: for very personal reasons im out of all volunteering efforts atm

[11:39:04] <ronny> im planning to join in on setuptools in a few months tho

[13:28:27] <DRMacIver> I've been getting 500 errors when uploading new Hypothesis versions to pypi in the last day or two, but status isn't showing anything wrong. Known issue?

[13:28:42] <DRMacIver> The upload actually works in that the package is there afterwards.

[16:23:52] <hanz> Hi. I'm trying to set up a virtualenv using "$ virtualenv --relocatable local && local/bin/pip install Twisted", but it does not work and it tries to install Twisted into /usr/local/lib/python2.7/disk-packages instead of into the virtualenv. Does anyone see what I'm doing wrong?

[16:38:46] <hanz> OK. I think I found the problem. relocatable virtualenv's don't seem to work for me

[18:25:22] <freekevin> hi

[18:25:26] <freekevin> need help with pip

[18:25:35] <freekevin> throwing ssl errors

[18:25:44] <freekevin> need to compile crypto

[18:25:45] <odyssey4me> is it possible to make pip search only output the matching package name, not all matches based on some sort of regex which appears to be the default?

[18:25:59] <freekevin> how do i cross-compile crypto on a limited busybox

[18:26:20] <freekevin> i need to cross-compile stuff , its a broadcom chipset

[18:26:28] <freekevin> is there anyway to bypass ssl in pip?

[18:26:51] <freekevin> im just using easy_install right now

[18:26:57] <freekevin> and i can install python stuff I want

[18:27:09] <freekevin> but its horrible for packages with lots of plugins

[18:27:22] <ngoldbaum> freekevin: "pip install --allow-insecure"

[18:27:28] <ngoldbaum> something something MITM attack

[18:27:57] <ngoldbaum> e.g. pip install --upgrade --allow-insecure setuptools setuptools

[18:28:07] <ngoldbaum> --allow-insecure takes a package name as an argument

[18:28:15] <freekevin> ok ok

[18:28:26] <freekevin> otherwise i have to cross compile libff too

[18:28:37] <odyssey4me> it seems that pip search '^wheel$' creates an exception, whereas pip search 'wheel$' gives me any package names ending in wheel...

[18:28:48] <odyssey4me> I want only the package name called wheel

[18:29:06] <freekevin> ngoldbaum: ill take the risks, as I have no clue how to cross compile

[18:29:16] <freekevin> ngoldbaum: isnt easy_install then vuln to it?

[18:29:26] <freekevin> ive only been using easy install anyways so it wont be a difference then

[18:29:35] <freekevin> if easy_install can be mitm'd

[18:30:00] <freekevin> arnt the packages md5'd?

[18:30:04] <ngoldbaum> odyssey4me: I don't think "pip search" has a --exact option, e.g. https://github.com/pypa/pip/issues/54

[18:30:06] <freekevin> doesnt pip check md5's?

[18:31:29] <Wooble> why wouldn't the download of the md5 be MITM'ed too, if it did?

[18:31:50] <odyssey4me> ngoldbaum :( so it seems that the only option here is to submit a patch, or to implement something in python that does the search and produces the result I want

[18:32:16] <Wooble> (it also doesn't check actual cryptographic signatures, not that many packages even have them)

[18:32:56] <freekevin> well the NSA also can crack SSL on the fly

[18:33:07] <freekevin> so others will be able to as well

[18:33:08] <Wooble> {{citation needed}}

[18:33:34] <Wooble> not that anyone uses SSL anymore anyway.

[18:34:30] <freekevin> can pip upgrade itself?

[18:34:50] <Wooble> pip install -U pip

[18:34:59] <Wooble> (it will even tell you this, if it's out of date)

[18:38:07] <freekevin> InsecurePlatformWarning

[18:38:55] <freekevin> /opt/local/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

[18:39:14] <freekevin> even with that command ngaio

[18:39:17] <freekevin> ngoldbaum

[18:40:01] <freekevin> --allow-insecure was added

[18:40:35] <ngoldbaum> freekevin: dunno, i was just googling, not an expert

[18:40:53] <freekevin> yah you wont find the answer on google

[18:40:55] <freekevin> i tried

[18:41:15] <freekevin> closest Ive come is that i have to cross compile crypto

[18:41:24] <freekevin> I tried compiling on the broadcom chipset

[18:41:31] <freekevin> but gcc is broken on it

[18:41:39] <freekevin> and the guy who cross compiled gcc for this arch said its broken

[18:41:42] <freekevin> and he gave up