Re: python devs complaining about debian packaging

It's not an accurate characterization that distutils was removed simply because it wasn't maintained. It was as fragile library, and it was difficult to make any changes to it because a number of things had implemented themselves by reaching into distutils and randomly monkeypatching various as

Re: python devs complaining about debian packaging

I happen to be subscribed here, so figured I'd comment :) FWIW I think the way the discussions are going... really in both locations.. is needlessly taking shots at each other. I've commented on discuss.python.org, but figured I'd repeat myself here. I think the way these discussions devolve in

Re: can pip be made using local Debian packages for any dependencies

I'm pretty sure that most if not all debian packages already ship the required information for pip to see them as installed, and if they are installed and they satisfy the dependency constraints that pip has for those projects, then they'll be used. The question of having pip automatically inst

Re: [RFC] DPT Policy: Canonise recommendation against PyPi-provided upstream source tarballs

File names on PyPI are write once. Once a specific file name has been used it can never be used again (even if the entire project was deleted and recreated). Projects can delete uploaded files (and as mentioned they can be yanked, but yanking is just extra metadata beside the file), but file co

Re: the new PyPI, coming next month

> On Apr 1, 2018, at 2:27 AM, Dominik George wrote: > > Hi, > >> To be clear, PGP signatures can still be uploaded and they are still >> available for download, they just don’t appear in the UI anymore. > > So, what does the pypi.debian.net redirector use for uscan? I imagine it > used to sc

Re: the new PyPI, coming next month

> On Mar 31, 2018, at 11:23 PM, Scott Kitterman wrote: > > What replaces gpg for ensuring integrity of the uploaded code? To be clear, PGP signatures can still be uploaded and they are still available for download, they just don’t appear in the UI anymore. Longer term I’d *like* to get rid o

Re: GnuPG signatures on PyPI: why so few?

hey intend to drop support for signatures entirely. > > Did they give any reasoning for this decision? > https://mail.python.org/pipermail/distutils-sig/2016-May/028933.html <https://mail.python.org/pipermail/distutils-sig/2016-May/028933.html> — Donald Stufft

Re: GnuPG signatures on PyPI: why so few?

is anything like that for Twine. I can’t speak for Ian but I don’t personally see anything inherently wrong with adding a environment variable or config option to twine that allows it to always sign by default. Ian may feel differently though! — Donald Stufft

Re: pip for stretch

ble would be a big boon to that. — Donald Stufft

Re: /usr/bin/python2 shebangs

accomplish anything more > than gratuitously break such setups. /usr/bin/python3 being Python 4.x is a bit weird though, and it’s likely that Python 4.x is not going to be another break the world release. — Donald Stufft

Re: New, updated pip coming

python-pip-whl .deb. On top of that, virtualenv and venv will both need wheels that it needs to install for pip, setuptools, and in the case of virtualenv, wheel. I'm not sure what the plan is for those. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Amend Debian Python Proposal to Include More Python Metadata?

h some basic C needs, and *maybe* one that is for pure python (but that may be able to be handled by the basic C needs one) though there will be a long tail I’m sure. ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc De

Re: Amend Debian Python Proposal to Include More Python Metadata?

> On Jan 22, 2016, at 6:04 PM, Scott Kitterman wrote: > > On Friday, January 22, 2016 05:50:13 PM Donald Stufft wrote: > ... >> We already have an option like this, the —root option which will just append >> a different prefix to all of the installation paths. So e

Re: Amend Debian Python Proposal to Include More Python Metadata?

> On Jan 22, 2016, at 6:02 PM, Barry Warsaw wrote: > > On Jan 22, 2016, at 05:50 PM, Donald Stufft wrote: > >> Forget that pip can fetch files from PyPI and install them for a moment and >> consider the command ``pip install .``. Fundamentally this is similar to the &

Re: Amend Debian Python Proposal to Include More Python Metadata?

machine, we actually don't know what pycs will > be generated when the debs are installed, so the egg-info/RECORD file *can't* > contain them, at least not accurately. FWIW It appears that if you do setup.py install —no-compile to tell distutils not to compile the .pyc during .deb build

Re: Amend Debian Python Proposal to Include More Python Metadata?

> On Jan 22, 2016, at 11:51 AM, Scott Kitterman wrote: > > On Friday, January 22, 2016 10:54:54 AM Donald Stufft wrote: >>> On Jan 22, 2016, at 10:36 AM, Piotr Ożarowski wrote: >>> >>> to be honest, I still don't know what you're asking f

Re: Amend Debian Python Proposal to Include More Python Metadata?

additional piece of metadata inside of it that just says "Hey, This is a system install" that we can inspect and then take additional logic (like refusing to touch it without a --force) based on that. The change I'm asking for here helps make that possible (among other things). --

Re: Amend Debian Python Proposal to Include More Python Metadata?

hat will install things using setuptools (just like pip does) regardless of if it imports setuptools or distutils in it’s setup.py file. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Amend Debian Python Proposal to Include More Python Metadata?

n sys.path looking for things to activate and it comes with a bunch of side effects. This happens implicitly for any project using console scripts. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Amend Debian Python Proposal to Include More Python Metadata?

different options with different trade offs) does this sound like something at all that Debian would be interested in? - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Dealing with flit -- a simplified packaging of python modules

On September 26, 2015 at 5:30:35 AM, Paul Wise (p...@debian.org) wrote: > On Fri, 2015-09-25 at 19:25 -0400, Donald Stufft wrote: > > > Because the way Python packaging currently is and historically has > > been, binary packages are not something that is widely available or &g

Re: Dealing with flit -- a simplified packaging of python modules

On September 25, 2015 at 8:21:39 PM, Ben Finney (ben+deb...@benfinney.id.au) wrote: > Donald Stufft writes: > > > On September 25, 2015 at 7:24:30 PM, Paul Wise (p...@debian.org) wrote: > > > Why are end users using source packages instead of binary packages > > >

Re: Dealing with flit -- a simplified packaging of python modules

ers using source packages instead of binary packages and > then complaining that the source tarballs aren't ready-to-run binary > packages? > Because the way Python packaging currently is and historically has been, binary packages are not something that is widely available or viabl

Re: Bug#785275: ITP: python-ipaddress -- Backport of the ipaddress module from Python 3.3

ependency that handled it I went ahead and just released pip 7 with the ipaddress dependency still. I'm not entirely sure why that's an unreasonable dependency here, it has a different name than ipaddr does, at least in the PyPI modules, so it should be entirely possible to have them both installed side by side without any conflicts. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: PyCon BoF: Stretch goals for cPython, PyPy & CFFI

es other interpreters too. Right now we have the de facto standard of binary, binaryX, and binaryX.Y but that really only sanely handles CPython. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Fixing #744145, `pip install --user --upgrade requests` breaks pip

.python.org/3/using/cmdline.html#cmdoption-s > <https://docs.python.org/3/using/cmdline.html#cmdoption-s> > > Thomas The -s flag would mean that pip would not be able to determine that something was installed already in the ``—user`` directory, because pip inspects the sy

Re: Debian uscan redirector for PyPI

> On Feb 5, 2015, at 6:14 PM, Ben Finney wrote: > > Ben Finney writes: > >> Donald Stufft writes: >> >>> I suggested to #debian-python that a redirector might be better and >>> there is now one at pypi.debian.net. > > Whe is the VCS for the

Re: Debian uscan redirector for PyPI (was: PyPI and debian/watch)

I'm on my phone currently but I think Barry is using it in the wheel package now. > On Feb 4, 2015, at 5:18 PM, Ben Finney wrote: > > Donald Stufft writes: > >> I suggested to #debian-python that a redirector might be better and >> there is now one at pypi.d

Re: PyPI and debian/watch

> On Feb 4, 2015, at 4:32 PM, Stefano Rivera wrote: > > Hi Donald (2015.02.04_22:06:25_+0200) >>> On 4 February 2015 at 06:08, Donald Stufft wrote: >>>> If it gets implemented it'll live at /uscan/ because it exists primarily to >>>> w

Re: PyPI and debian/watch

> On Feb 4, 2015, at 3:02 PM, Tianon Gravi wrote: > > On 4 February 2015 at 06:08, Donald Stufft wrote: >> If it gets implemented it'll live at /uscan/ because it exists primarily to >> work around the deficiencies that exist in uscan (Particularly the dificulty &g

Re: PyPI and debian/watch

> On Feb 4, 2015, at 11:20 AM, Barry Warsaw wrote: > > On Feb 04, 2015, at 10:53 AM, Donald Stufft wrote: > >> That same page also mentions that qa.debian.org runs a number of >> "redirectors" for sites like SourceForge and GitHub so perhaps a better &

Re: PyPI and debian/watch

> On Feb 4, 2015, at 10:07 AM, Barry Warsaw wrote: > > On Feb 04, 2015, at 08:08 AM, Donald Stufft wrote: > >> If it gets implemented it'll live at /uscan/ because it exists primarily to >> work around the deficiencies that exist in uscan (Particularly the

Re: PyPI and debian/watch

7;ll live at /uscan/ because it exists primarily to work around the deficiencies that exist in uscan (Particularly the dificulty in ignoring url fragments). Everyone else should just use the URLs at /simple/ which most systems use with no problem because they can parse the URLs and ignore t

Re: Resources/best practices for making a .deb out of a virtualenv

irtualenv for > distribution so that it can use more recent libraries? > > (I'm not currently subscribed to the mailing list, but will if that's > easer than just CC'ing me or Reply-All'ing me). > I’ve used https://github.com/spotify/dh-virtualenv in the past a

Re: Building Python without SSLv3 breaks requests

Upstream would probably like the patch to fix things when sslv3 is disabled. I think shazow would merge it easily. > On Nov 19, 2014, at 6:20 PM, Barry Warsaw wrote: > >> On Nov 19, 2014, at 08:14 AM, Matthias Klose wrote: >> >> I'll wait for the -12 results. I think it would be better to te

Re: 'deviations from upstream' wiki.debian.org/Python docs

uble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/53b422f1.9080...@pke.hr > - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Packaging of suds-jurko (was: suds)

his? Is it enough to point Jurko to post > a request on http://sourceforge.net/p/pypi/support-requests/ ? That or send an email to don...@python.org and rich...@python.org asking for it, mention that I suggested it and that it’s been dead for 4 years and what have you. - Donald Stuff

Re: Packaging of suds-jurko (was: suds)

is right. > > -Barry *Puts on PyPI Admin Hat* Probably if suds-jurko or whatever is the unofficial “suds” that people should be using then there is a good chance that PyPI would be willing to transfer the name of suds to one of the forks. I’d have to talk to Richard to be sure about that b

Re: Bug#750638: ITP: ndg-httpsclient -- enhanced HTTPS support for httplib and urllib2 using PyOpenSSL

On Jun 5, 2014, at 12:02 PM, Barry Warsaw wrote: > On Jun 05, 2014, at 11:52 AM, Donald Stufft wrote: > >> Yea it shouldn’t matter on Python 3.x as the SSLContext stuff urllib3 will >> use to give good defaults there already. > > Does any of this impact our wheels fo

Re: Bug#750638: ITP: ndg-httpsclient -- enhanced HTTPS support for httplib and urllib2 using PyOpenSSL

On Jun 5, 2014, at 11:47 AM, Daniele Tricoli wrote: > Hello Donald, > > On Thursday 05 June 2014 10:24:48 Donald Stufft wrote: >> You need pyasn1, pyopenssl, and ndg-httpsclient in order for the >> requests/urllib3 stuff to kick in. > > Yes, of course: I was keepi

Re: Bug#750638: ITP: ndg-httpsclient -- enhanced HTTPS support for httplib and urllib2 using PyOpenSSL

http://mornie.org You need pyasn1, pyopenssl, and ndg-httpsclient in order for the requests/urllib3 stuff to kick in. It’d probably be a sane idea to use recommends, at least on Python 2.x since using that also prevents CRIME and the like which Python 2.x is vulnerable to else wise IIRC. ---

Re: Proposed changes to python-virtualenv

advantages, some of which are additional tooling written around it (virtualenvwrapper etc). It also has the benefit that it works across multiple versions of Python, so if someone wants to create Python 2 and Python <3.4 virtual environments, they are likely to be using virtualenv for consistency sake.

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

On Jun 3, 2014, at 6:55 PM, Barry Warsaw wrote: > On Jun 03, 2014, at 04:31 PM, Donald Stufft wrote: > >> The fix in 1.5.6 was updating requests. That's the only change. I think >> Debian needs to update urllib3. That's where the actual fix was. > > I th

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

The fix in 1.5.6 was updating requests. That's the only change. I think Debian needs to update urllib3. That's where the actual fix was. > On Jun 3, 2014, at 4:07 PM, Barry Warsaw wrote: > >> On Jun 03, 2014, at 11:28 AM, Mário Duarte Cruz wrote: >> >> I forgot to mention that it breaks if yo

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

On Jun 3, 2014, at 5:28 AM, Mário Duarte Cruz wrote: > On Mon, Jun 2, 2014 at 2:51 PM, Donald Stufft wrote: > > > pip 1.5.6 just upgrades the bundled requests FWIW. > > > > I forgot to mention that it breaks if you're sitting behind a proxy (might > not b

Re: Proposed changes to python-virtualenv

e” is that virutalenv will default to Python 3, which is probably not what most people want (however they can do virtualenv -p python2). - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: python-pip and python-virtualenv broken in sid after upgrade to python 2.7.7rc1

gt; Mario Cruz > pip 1.5.6 just upgrades the bundled requests FWIW. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Dependency of virtual environments on Python wheel (was: Proposed changes to python-virtualenv)

| > Ben Finney > > > -- > To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/85iooo2hez.fsf...@benfinney.id.au > - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Proposed changes to python-virtualenv

ing virtualenv installed in both 2.x and 3.x is what the default interpreter is whenever you create a virtual environment. IOW virtualenv is perfectly capable of creating virtual environments in interpreters other than the one it's installed in. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Proposed changes to python-virtualenv

ibed as fixing problems we don't have. No more. > > Scott K Eh, it’s not true that users of Debian do not have the problems that ensurepip solves. Perhaps *you* don’t personally have them but anyone whose ever needed to install a set of Python packages that Debian either doesn’t pa

Re: wheel support for Debian?

n-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/20140519111953.gc8...@jwilk.net > - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCF

Re: wheel support for Debian?

hese packages. > > That was also proposed in the above referenced message. Suggestions welcome, > but I think python-foo-wheels is as good as anything (it's pretty > self-descriptive ;). > > Cheers, > -Barry > > > -- > To UNSUBSCRIBE, email to debian-python-

Re: Bug #732703 and fixing ensurepip/pyvenv

only ever seen > NMUs since the initial upload. Colin, Matthias, keep an eye out for patches > to six and distlib respectively. > > I won't finish this up this weekend, but will continue working on it early > next week. > > Stay tuned, and best to ping me on IRC if you have questions. > > Cheers, > -Barry - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Bug #732703 and fixing ensurepip/pyvenv

uests`` directory that had been added into sys.path (basically options 2 and 3). I *think* it will work but that should be tested. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Bug #732703 and fixing ensurepip/pyvenv

ing that. So even if the current method breaks, there is almost certainly going to be a path forward. --------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Python 3.4 and ensurepip (rehashed, long)

\o/ > On Apr 4, 2014, at 7:12 PM, Barry Warsaw wrote: > >> On Mar 19, 2014, at 05:40 PM, Barry Warsaw wrote: >> >> The current situation in the Python 3.4 package is suboptimal because: >> >> % pyvenv-3.4 /tmp/zz >> Error: Command '['/tmp/zz/bin/python3.4', '-Im', 'ensurepip', '--upgrade', >>

Re: Python 3.4 and ensurepip (rehashed, long)

On Mar 26, 2014, at 10:35 AM, Barry Warsaw wrote: > On Mar 26, 2014, at 09:24 AM, Donald Stufft wrote: > >> In my half formed idea in my head the way it’d work is there’d be a >> vendor-packages directory where downstream can install things to, and a flag >> to the i

Re: Python 3.4 and ensurepip (rehashed, long)

On Mar 26, 2014, at 9:16 AM, Piotr Ożarowski wrote: > [Donald Stufft, 2014-03-26] >> On Mar 26, 2014, at 9:12 AM, Piotr Ożarowski wrote: >>> [Barry Warsaw, 2014-03-25] >>>> One of the things I'd like to see, in addition to supporting >>>&g

Re: Python 3.4 and ensurepip (rehashed, long)

.org > Archive: https://lists.debian.org/20140326131210.gd30...@sts0.p1otr.com > Pip does not install as an .egg or a .whl. It doesn’t use .egg at all and regardless of which format it downloads it unpacks it and installs it. There is no difference in format between what pip installs and any

Re: Python 3.4 and ensurepip (rehashed, long)

t;unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/20140325151821.438fa...@limelight.wooz.org > - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Python 3.4 and ensurepip (rehashed, long)

lled pip with apt-get they’d still be able to run pip install —upgrade pip if they wanted too? > >>> I'm not sure what we would do if we wanted avoided the dependency cycle, and >>> pip/setuptools wasn't yet installed system wide. >> >> Yeah, that

Re: Python 3.4 and ensurepip (rehashed, long)

On Mar 21, 2014, at 3:39 PM, Donald Stufft wrote: > > On Mar 21, 2014, at 3:24 PM, Scott Kitterman wrote: > >> On Wednesday, March 19, 2014 17:40:51 Barry Warsaw wrote: >>> Signed by ba...@warsaw.us. Show Details >>> TL;DR: Let's re-enable the ensure

Re: Python 3.4 and ensurepip (rehashed, long)

ctice, backwards compatibility, consistency (especially with Windows which we unfortunately do have to care about). > I don't see it as being > suitable for installation by default. I liked Piotr's idea about an option > along the lines of -i-know-if-a-break-it-i-keep-bot

Re: Python 3.4 and ensurepip (rehashed, long)

yea pip in the system Python currently kind of sucks. I want to make this better eventually! I just don't know how yet or have the cycles to spend investigating it. ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc