PMXBOT Log file Viewer

Help | Karma | Search:

#pypa logs for Wednesday the 2nd of May, 2018

(Back to #pypa overview) (Back to channel listing) (Animate logs)
[03:07:35] <tdsmith> pr3d4t0r: homebrew will feel less responsible for breaking a pipenv you didn't install with homebrew
[03:08:06] <tdsmith> when 3.7 hits all your shebangs for scripts installed with pip will break.
[03:08:39] <tdsmith> using pyenv (which you can install with homebrew!) pythons in preference to homebrew's distribution is a good way to avoid that churn
[03:18:30] <ngoldbaum> tdsmith: TIL, that's really cool
[03:18:50] <ngoldbaum> oh wait, misread
[03:18:58] <ngoldbaum> still cool, less cool than i thought :)
[03:19:07] <ngoldbaum> i thought you were saying homebrew would somehow rewrite the shebangs
[03:19:28] <tdsmith> it probably could, whether that would be a good idea or not, but afaik it does not
[03:20:01] <tdsmith> (psst ngoldbaum are you going to the scipy conference)
[03:20:07] <ngoldbaum> yeah i go every year
[03:20:18] <ngoldbaum> speaking of, i should register and book my hotel tomorrow
[03:20:23] <ngoldbaum> i wasn't going to give a talk
[03:20:31] <ngoldbaum> but i got roped into giving a 2 minute talk
[03:20:34] <ngoldbaum> does that count? ;)
[03:21:12] <tdsmith> if i were submitting my expenses to someone who cared whether i was talking or not i would definitely think that counted
[03:21:29] <ngoldbaum> lol
[03:21:30] <ngoldbaum> good point
[03:21:34] <ngoldbaum> thankfully NCSA doesn't care
[03:21:41] <ngoldbaum> well, not for reimbursement purposes
[03:21:47] <ngoldbaum> you're going?
[03:23:26] <tdsmith> i'm considering it; i suddenly live in a world with lots more jupyter and spark and the data science and viz tracks look interesting
[03:24:05] <ngoldbaum> ah yeah, there will be lots of both
[03:24:10] <ngoldbaum> although definitely more jupyter stuff
[03:24:17] <ngoldbaum> (i don't really "get" spark)
[03:24:29] <ngoldbaum> it's a great conference
[03:24:32] <ngoldbaum> if you've never been
[03:25:14] <ngoldbaum> i think of it as my "home" conference, a lot of the developers of the major open source scientific python package go to it regularly
[03:26:23] <tdsmith> i'm not totally sure what communities i want to participate in as a "data scientist" but the python one is at least familiar
[03:27:12] <ngoldbaum> these days scipy is like 50/50 academic/datascience
[03:27:31] <ngoldbaum> so there's definitely lots of content for a data science audience
[03:27:50] <ngoldbaum> but there's also always going to be a flavor of an interdisciplinary academic conference
[03:28:08] <ngoldbaum> if only because most people develop these packages as grad students or postdocs
[03:28:26] <tdsmith> haha yes
[03:29:36] <ngoldbaum> it's too late but i bet they'd have taken a talk from you about homebrew, although i know you don't do homebrew stuff much anymore
[03:30:23] <tdsmith> i'm also hoping someone can demonstrate a way to make notebooks reviewable but i'm not holding my breath; this is really just the bigger struggle about effective patterns in data analysis vs software development and whether/the degree to which they're the same thing or not
[03:30:36] <ngoldbaum> reviewable?
[03:31:09] <ngoldbaum> like in terms of code review?
[03:32:30] <tdsmith> mostly!
[03:32:35] <ngoldbaum> are you aware of https://github.com/jupyter/nbdime ?
[03:32:50] <tdsmith> maybe aspirationally towards a literate-programming document review sense but that sounds like an expensive hosted platform For Enterprise (tm)
[03:32:59] <ngoldbaum> i hope one day that github integrates that into the pull request workflow
[03:33:17] <ngoldbaum> ok, maybe i'm not quite understanding what your issue is
[03:33:21] <tdsmith> i'm aware of nbdime but yeah i wanted it to be integrated into things.
[03:33:22] <ngoldbaum> but yeah, there will be a lot of jupyter people there
[03:33:53] <ngoldbaum> less than like 3-4 years ago maybe because now they have jupytercon
[03:34:26] <ngoldbaum> which might actually be better for you if all you want is jupyter/data science stuff
[03:35:34] <tdsmith> it's way pricier and i like the greater breadth at scipy tbh. i really liked hilary parker's talk last year and was hoping to see more like it but the conference lineup didn't really speak to me this year
[03:36:00] <tdsmith> thanks for the pointer!
[03:36:17] <ngoldbaum> the keynotes at scipy are consistently great
[03:36:30] <ngoldbaum> and the sprints are great as well
[03:37:00] <ngoldbaum> don't ask me about the hallway track because i'm awkward and hate talking to new people
[03:37:48] <tdsmith> ah, i know this feeling
[03:38:56] <njs> Fernando was grumbling the other day about maybe they need to switch the notebook format from json to markdown-with-special-annotations, specifically so things like diffs would become workable
[03:39:10] <njs> I have no idea if anything will happen though, people grumble about a lot of things
[03:39:49] <ngoldbaum> yeah, that would have been better to change in like 2012!
[03:41:01] <tdsmith> i'm really fond of rmarkdown; maybe i should be thinking about pushing for better python support there
[03:44:39] <ngoldbaum> tdsmith: let me know if you decide to go, i owe you a beer for the number of times you've helped me unfuck various computer things
[03:44:44] <ngoldbaum> at least a beer :)
[03:45:30] <tdsmith> It would be a pleasure to take you up on that; I'll let you know!
[05:27:26] <nanonyme> I wish it was possible for a package to set constraints as well, not just requirements so you can force something to be updated while not directly depending on it
[05:42:31] <njs> nanonyme: I suspect Conflicts: support willb e added once pip has a real resolver... utnil then there's not much point though
[05:55:55] <pr3d4t0r> tdsmith: Thanks for the feedback, will act per advise. Have a successful day.
[06:23:35] <techalchemy> one of my coworkers wrote his thesis on package dependency resolution
[06:23:53] <techalchemy> gonna see if i can convince him to join the dark side
[06:24:09] <sandeep> HI
[06:24:25] <sandeep> I need some help in resolving an issue
[06:24:50] <Guest43138> ImportError: No module named dbus
[13:28:56] <plone4TLS12> Anyone knows about plone4 and pypi TLS 1.2 error???
[13:30:14] <mgedmin> pypi recently dropped support for TLS versions older than 1.2, but where does plone4 come into this?
[13:30:40] <mgedmin> is your plone instance talking to pypi for some reason? are you having trouble installing plone from pypi?
[13:42:32] <nanonyme> njs, I don't think conflicts is the same thing
[13:43:01] <nanonyme> Well, it kinda is in a backwards way
[14:03:11] <plone4TLS12> plone4 install has a python2.6 embeded, wich do not support TLS 1.2
[14:04:12] <plone4TLS12> The buildout uses easyinstall to download packages from pypi
[14:04:38] <plone4TLS12> easyinstall is like pip
[14:05:42] <apollo13> plone4TLS12: then yes, you cannot install from pypi
[14:06:02] <apollo13> plone4TLS12: TLS 1.2 is the minimal required version; there is no way around it
[14:06:11] <apollo13> you'll have to fix the embedded python
[14:06:50] <Wooble> plone's installation instructions seem to suggest using a virtualenv python and don't mention anything being embedded. :/
[14:09:44] <plone4TLS12> I think virtualenv is used only in more recent versions
[14:10:24] <plone4TLS12> The point is, how to upgrade python version in plone 4.1?
[14:10:50] <apollo13> that is something to ask in a plone channel I fear
[14:11:02] <mgedmin> yeah, it's a plone question
[14:11:03] <plone4TLS12> And wich python version is needed?
[14:11:14] <apollo13> any version that supports tls 1.2
[14:11:15] <mgedmin> python 2.6 is end-of-lifed, you should be using 2.7 at least
[14:11:23] <apollo13> 2.7 works generally
[14:11:28] <apollo13> at least if you are not on a mac ;)
[14:11:37] <plone4TLS12> Thanks
[14:11:41] <plone4TLS12> Linux
[14:11:48] <mgedmin> possibly 2.7.<sufficiently-recent-patchlevel> because the ssl module was improved in bugfix releases because Guido promised there will never be a python 2.8 ;)
[14:12:41] <plone4TLS12> Where i find a plone channel?
[14:12:47] <plone4TLS12> please
[14:13:07] <apollo13> no idea; check the freenode channel list or the plone homepage
[14:48:26] <Siecje> to find channels, use the freenode search service /msg alis list *yourtopic*
[15:05:21] <makan> pip is not working
[15:05:56] <apollo13> I disagree :) what problem do you have?
[15:05:57] <makan> ssl.c 794
[15:06:11] <makan> ssl.c 749
[15:06:21] <makan> none of the packages can be installed
[15:06:31] <apollo13> that sounds like you are having an issue with ssl ;)
[15:06:38] <apollo13> how old is your pip and on which system are you
[15:06:46] <mgedmin> that sounds like you have old pip or old python or old openssl
[15:06:49] <makan> i have just reinstalled python
[15:06:54] <apollo13> how?
[15:06:59] <apollo13> and which python and which pip
[15:07:00] <mgedmin> pypi.org requires TLS 1.2 support these days
[15:07:11] <makan> downloaded native instalation
[15:07:21] <apollo13> what is a native installation?
[15:07:31] <mgedmin> installer from python.org?
[15:07:35] <mgedmin> what OS btw?
[15:07:46] <makan> native = from https://www.python.org/
[15:07:50] <makan> no anaconda, etc.
[15:07:52] <makan> W10
[15:07:55] <makan> and W7
[15:08:00] <makan> both are not working
[15:08:02] <mgedmin> what python version?
[15:08:08] <makan> 3.6
[15:08:10] <apollo13> corporate environment?
[15:08:17] <makan> yes
[15:08:24] <makan> i will try from home
[15:08:25] <apollo13> yeah you gotta talk with your IT department
[15:08:31] <apollo13> I expect proxies etc
[15:08:50] <apollo13> or broken ssl mitm boxes
[15:09:17] <makan> so, from your side https://pypi.org/ should be up and running
[15:09:19] <makan> ?
[15:09:25] <apollo13> I can assure you it is, yes
[15:09:29] <makan> OK
[15:09:54] <makan> do you have a quick answer on where can I check if my machine supports
[15:09:58] <makan> TSL 1.2
[15:10:08] <makan> so I check that out immediately
[15:10:40] <apollo13> w10 certainly supports tls 1.2
[15:10:43] <apollo13> w7 too usually
[15:10:50] <makan> OK
[15:10:52] <apollo13> the problem will most likely be a proxy in between
[15:11:00] <apollo13> I doubt there is anything you can do on your windows system
[15:11:18] <makan> I will try to solve it with IT
[15:11:47] <makan> what can I point out as a probable cause of why this error might occur
[15:11:50] <makan> ?
[15:12:04] <apollo13> a change in pypi to only support tls 1.2
[15:12:12] <apollo13> and whatever fallout that causes in your infra
[15:12:19] <apollo13> also do you have a mandatory proxy?
[15:12:25] <makan> do not know
[15:12:27] <apollo13> you might need to configure pip to use that proxy
[15:12:29] <makan> about proxy
[15:12:56] <makan> this problem emerged I beleive as a result of migration that happened in April
[15:13:19] <apollo13> then either your company whitelistes ips etc for pypi or they have problems with tls 1.2
[15:13:29] <apollo13> tell them that the url and ips to pypi have changed
[15:13:31] <makan> in April everything was working
[15:13:32] <apollo13> also tls
[15:14:01] <makan> with --trusted-host I could install all packages and etc
[15:14:05] <mgedmin> http://pyfound.blogspot.lt/2017/01/time-to-upgrade-your-python-tls-v12.html
[15:14:11] <makan> but today nothing works
[15:14:12] <makan> OK
[15:14:14] <makan> thank yoz
[15:14:16] <makan> you
[15:14:18] <mgedmin> it was announced in 2017 and implemented in April
[15:14:22] <makan> I will try to solve
[15:14:25] <makan> somehow
[15:14:39] <mgedmin> the blog post I pasted contains code snippets to check if your platform supports TLS 1.2
[15:14:55] <makan> OK
[15:15:00] <makan> i will try
[15:15:08] <makan> hopefully it will work
[15:15:08] <mgedmin> of course the "python3 -m pip install --upgrade requests" bit will fail because of this so I don't know how helpful that will be :/
[15:15:19] <mgedmin> maybe you can do the equivalent check with urllib
[15:15:39] <makan> i would just like if i could maintain this python
[15:15:55] <makan> so i do not need to swich to anaconda
[15:16:14] <makan> anaconda is unable to maintain its packages
[15:16:26] <makan> native python is much better
[15:16:35] <makan> but now its not working :(
[15:16:38] <makan> OK thanks
[15:16:41] <makan> regards
[15:17:33] <mgedmin> ah https://mail.python.org/pipermail/distutils-sig/2018-April/032114.html says April 8 was the date when pypi.org started rejecting older TLS versions
[15:20:02] <apollo13> makan: if --trusted-host did work that sounds as if you are having a transparent ssl proxy in the chain
[15:20:09] <apollo13> which broke with tls1.2
[17:21:56] <nanonyme> I don't still really understand the use case of HTTPS proxies properly :)
[17:23:14] <nanonyme> Unless maybe it's a terminating one which uses company CA?
[17:29:50] <apollo13> nanonyme: probably, but a broken one :D
[17:30:09] <nanonyme> I think terminating HTTPS proxies are broken by design
[17:30:32] <apollo13> manually configured proxies are imo okay
[17:31:09] <apollo13> and I understand that companies need/want them
[17:49:03] <phildini> Hey sumanah mind if I DM?
[17:49:18] <sumanah> go ahead phildini and thanks for asking
[18:00:27] <nanonyme> Even manually globally configured is bad, no one should be terminating HTTPS connections by default
[18:01:15] <apollo13> nanonyme: proxies don't have to terminate, they can for instance send CONNECT requests which kinda lets the proxy still log at least parts of it but then let it go through
[18:01:45] <nanonyme> Yes, but if you use CONNECT, doing the outer connection as SSL doesn't really make much sense
[18:02:28] <nanonyme> Doing the outer connection as SSL makes sense when you terminate the connection, connect from proxy to server and cache results
[18:03:39] <apollo13> true
[18:03:56] <apollo13> fwiw, some companies apparently have legal requirements to terminate
[18:06:21] <nanonyme> I'd expect the opposite to be true in many EU contries due to privacy laws
[18:20:23] <apollo13> nanonyme: maybe I was mostly refering to the companies trying to torpedo tls 1.3 -- which are generally american finance institutions iirc
[18:20:30] <apollo13> and similar
[22:01:19] <rindolf> Hi all! Would you guys appreciate a pypi equivalent to https://qa.perl.org/cpan-testers/ ?