PMXBOT Log file Viewer

Help | Karma | Search:

#pypa logs for Thursday the 25th of July, 2019

(Back to #pypa overview) (Back to channel listing) (Animate logs)
[07:23:25] <chaoflow> pip currently fails to install docutils==0.15.1 (latets found is 0.15), while pypi.org claims this to be the latest version. I've requirements.txt files mentioning 0.15.1, so this used to be different.
[07:23:36] <chaoflow> Reproducible with docker run --rm -ti python:3.7-alpine pip install docutils==0.15.1
[07:23:42] <chaoflow> any ideas?
[08:44:50] <pradyunsg> chaoflow: The versions available on PyPI are: v0.15, 0.15.1.post1
[08:48:13] <energizer> how come pip doesn't install the 0.15.1.post1 version?
[08:54:04] <pradyunsg> It's a pin --> 0.15.1 != 0.15.1.post1
[08:56:01] <pradyunsg> `== 1.1 # Not equal, so 1.1.post1 does not match clause`
[08:56:51] <pradyunsg> https://www.python.org/dev/peps/pep-0440/#version-matching
[08:57:38] <energizer> huh ok
[12:52:18] <dude-x> huh i have docutils 0.15.1
[12:54:08] <dude-x> the release notes don't mention why they have made two pypi releases not listed, i presume they screwed something up
[16:36:14] <chaoflow> pradyunsg: I see and `pip install docutils==0.15.1.post1` works. However, there is https://pypi.org/project/docutils/0.15.1/ but no https://pypi.org/project/docutils/0.15.1.post1/ - I have requirements.txt with 0.15.1 and yesterday they were working. Something is off.
[16:38:20] <chaoflow> I'm pretty sure 0.15.1.post1 was not given as an available version by pip this morning - I don't have the logs anymore, but my post should be in #python around 10:45
[16:41:32] <pradyunsg> Yea, seems like the maintainer deleted the docutils-0.15.1.tar.gz file and created a new release.
[16:42:31] <chaoflow> Yesterday at 22:45 (CEST) Collecting docutils==0.15.1
[16:42:33] <chaoflow> ERROR: Could not find a version that satisfies the requirement docutils==0.15.1 (from versions: 0.3, 0.3.5, 0.3.7, 0.3.9, 0.4, 0.5, 0.6, 0.7, 0.8, 0.8.1, 0.9, 0.9.1, 0.10, 0.11, 0.12, 0.13.1, 0.14rc1, 0.14rc2, 0.14, 0.15)
[16:42:35] <chaoflow> ERROR: No matching distribution found for docutils==0.15.1
[16:43:18] <chaoflow> pradyunsg: I see. And the web frontend did not update yet?
[16:44:53] <pradyunsg> @chaoflow: Hmm, seems right to me.
[16:51:10] <chaoflow> pradyunsg: Thank you for looking into it!
[17:08:35] <ngoldbaum> and this is why removing packages like that is almost always a bad idea once the cat's out of the bag
[17:14:14] <chaoflow> ngoldbaum: In case of a security hole affecting every possible user of a packages, I could see a point, but ...
[17:16:31] <chaoflow> https://pypi.org/project/docutils/0.15.1/#files --- the package is registered as 0.15.1 but the files are 0.15.1.post1
[17:17:05] <chaoflow> That feels like a bug in either docutils release process or pypi
[17:17:44] <chaoflow> And it's only the source tarball that is 0.15.1.post1, whereas the wheel is 0.15.1
[17:20:55] <pradyunsg> EWDurbin and di_codes are best folks to comment on that IMO.
[17:22:27] <chaoflow> Requested docutils==0.15.1.post1 from https://files.pythonhosted.org/packages/d4/12/6c3fd74a590c7327c98cae008c11d536029fa9cd7924de477e8cb8804186/docutils-0.15.1-post1.tar.gz#sha256=f33ddb723332c6d6b6d99731ee1fc0c35eb4044a2df5cca1c64c8aa78eaf22cb (from -r CE/requirements/develop-nix.txt (line 82)), but installing version 0.15.1
[17:23:27] <EWDurbin> huh, looks like this is the result of yanking the 0.15.1.tar.gz
[17:24:40] <EWDurbin> oh hmmm
[17:24:54] <EWDurbin> @chaoflow what version of Python are you trying to install to?
[17:25:02] <chaoflow> EWDurbin: python 3.7
[17:25:27] <EWDurbin> hm, that blows that theory out of the water. they added a requires-python with this release
[17:26:01] <chaoflow> EWDurbin: docker run --rm -ti python:3.7-alpine pip install docutils==0.15.1.post1 -- reproduces the warning
[17:27:24] <EWDurbin> that warning appears to valid. the uploader doesn't seem to have updated the metadata when creating the post1 release
[17:27:55] <chaoflow> EWDurbin: Yes, and on the other hand this fails: docker run --rm -ti python:3.7-alpine pip install --only-binary :all: docutils==0.15.1.post1
[17:28:14] <EWDurbin> that appears to be beacause the wheel is py2 only
[17:28:30] <chaoflow> EWDurbin: good catch - thx!
[17:29:06] <chaoflow> EWDurbin: I wonder whether warehouse could prevent something like this from being uploaded
[17:29:17] <chaoflow> s/could/should/
[17:43:57] <chaoflow> https://github.com/pypa/warehouse/issues/6260
[17:45:32] <pradyunsg> EWDurbin: do you reckon I should try API-keys based upload for a potential pip bugfix release next week or (not be overexcited and) wait until after the beta?
[17:46:35] <chaoflow> https://sourceforge.net/p/docutils/bugs/370/
[17:46:48] <EWDurbin> pradyunsg: probably best to start with testing on test.pypi.org and then consider doing so. ultimately using an API Token will either work... or not work, and isn't significantly different than using a password as you do today
[17:47:44] <pradyunsg> Thanks for finding those @chaoflow!
[17:47:55] <pradyunsg> *finding/filing
[17:48:09] <pradyunsg> BTW @chaoflow, have we met?
[17:48:44] <pradyunsg> ^ okay, no, I'm thinking about a different Florian. :)
[17:52:12] <ngoldbaum> ah, they did a dumb
[17:52:22] <ngoldbaum> it's too bad that this sort of thing is a little non-obvious
[19:35:56] <weijunli> I have installed frida on windows but it isnt recognized `frida` as a cmdline