PMXBOT Log file Viewer

Help | Karma | Search:

#pypa logs for Tuesday the 7th of May, 2019

(Back to #pypa overview) (Back to channel listing) (Animate logs)
[00:03:09] <crwilcox> I think this may make a good first issue: https://github.com/pypa/twine/issues/387
[00:03:25] <crwilcox> And I believe this is fixed? https://github.com/pypa/twine/issues/385
[00:03:26] <sumanah> Yo crwilcox
[00:03:28] <sumanah> I'll look!
[00:05:19] <sumanah> Hey so with #385 it sounds like the problem is still occurring on High Sierra so I think we should leave it open
[00:05:32] <sumanah> Looking at #387 now
[00:06:56] <sumanah> crwilcox: I think #387 would be a good third or fourth issue but not a good first issue
[00:07:04] <crwilcox> Sounds good. This message "Nevermind, for some reason pip install --upgrade tqdm installed 4.26, but it didn't remove 4.11" makes me wonder if their twine is targeting a different python than pip? I could ask for clarification.
[00:07:18] <sumanah> to do #387 touches a few different files in a way that doesn't feel "first" to me
[00:07:33] <sumanah> crwilcox: yes, go ahead and ask for clarification from the original poster?
[00:58:09] <crwilcox> sumanah, I think this is fixed and can be closed. https://github.com/pypa/twine/issues/342
[00:58:09] <sumanah> crwilcox: am working more on pip docs bugs
[00:58:16] <sumanah> I'll look crwilcox
[01:38:43] <altendky> per https://setuptools.readthedocs.io/en/latest/setuptools.html#declaring-extras-optional-features-with-their-own-dependencies "might declare it like this, so that the “PDF” requirements are only resolved if the “rst2pdf” script is run" shouldn't running the txcan entry point trigger installation of click? or does 'resolved' mean something else. https://gist.github.com/altendky/dc2744094d36fa4163563ba18907d495
[01:43:01] <altendky> https://www.diffchecker.com/2uk75fOm looks to just trigger an exception early rather than waiting for my code to die on the failed include.
[20:44:07] <Chaos_Zero> (sorry for copy paste if duplicate users) Hey All, I have been stuck on one issue for quite a while: https://stackoverflow.com/questions/55801453/pyinstaller-can-not-find-scipy-special-ufuncs-on-another-computer . Does anyone know if there is a NON trial-and-error way to find out what hidden imports you need to get scipy.special to work in windows?
[21:56:22] <DerHorst> Hello, quick question: is it normal that there are packages whose names are confusingly near the original names? In my example I installed "django-restframework" v0.0.1 instead "djangorestframework". there is also django-rest-framework v0.1.0. Is this just normal? I can nearly smell the abuse...?
[22:52:37] <nedbat> DerHorst: looking at django-restframework, it seems like a big mistake? Nothing seems to be malicious in it.
[22:54:11] <nedbat> and django-rest-framework seems to be an empty package placed there by the author of djangorestframework, perhaps as a precaution
[22:59:29] <DerHorst> maybe it is not malicious now. But who knows what will be changed?
[23:00:35] <DerHorst> But in the meantime I read that typosquating is a thing and that the problem is (well?) known
[23:04:49] <tdsmith> difficult to solve at scale, though.
[23:05:07] <energizer> seems like a https://en.wikipedia.org/wiki/Zooko%27s_triangle
[23:20:34] <DerHorst> I guess I understood. Thanks for the answers. I contacted the django security team with the request to at least add a section to the tutorial. Inexperienced people (like me) might fall for it. Even if it is not a security issue it is still annoying and wasted much of my time :(
[23:23:46] <energizer> it might be nice if you couldnt add a package if a.replace('-', '') == b.replace('-', '')