"Subscribing" to Releases
Hi there, First off, thank you for the awesome flake8 project! My team has just started using it and I expect we will only use it more moving forward. I wanted to ask if there was a way I could be notified of releases, such as a mailing list I can subscribe to? I'm also happy to use GitHub's "watch" function for releases, but tags don't count as releases. Thanks again! Levi Muniz DevOps Engineer levi.muniz@Quantum.com<mailto:levi.muniz@Quantum.com> [twitter]<https://twitter.com/quantumcorp> @QuantumCorp<https://twitter.com/quantumcorp> [linkedin]<https://www.linkedin.com/company/quantum> QuantumCorp<https://www.linkedin.com/company/quantum> Quantum.com<https://www.quantum.com/?utm_source=quantum-email&utm_medium=email-signature&utm_campaign=corpsig2021livingdata> [cid:image003.jpg@01D80153.D4246D20]<https://www.quantum.com/?utm_source=quantum-email&utm_medium=email-signature&utm_campaign=corpsig2021livingdata> The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through security software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.
The cleanest way I've found so far to do this for PyPI packages in general is to subscribe to the Atom feeds provided by Libraries.io . For example, https://libraries.io/pypi/flake8/versions.atom ; at work, I subscribed a Slack channel to most of the ones we care about so it gets a stream of all potentially interesting new releases. Last I checked, PyPI itself doesn't have anything this granular, just a single high-volume feed for all releases of all packages (which may be what Libraries.io processes to produce its individual package feeds). I'd be interested in hearing if anybody else has a different solution that works for them. Jeremy On 2022-01-04 16:08, Levi Muniz wrote:
Links: ------ [1] https://twitter.com/quantumcorp [2] https://www.linkedin.com/company/quantum [3] https://www.quantum.com/?utm_source=quantum-email&utm_medium=email-signa...
Levi, On Wed, 5 Jan 2022 at 08:24, Levi Muniz <Levi.Muniz@quantum.com> wrote:
Try https://pypi.org/rss/project/flake8/releases.xml -- Regards, Christian Heinrich http://cmlh.id.au/contact
The cleanest way I've found so far to do this for PyPI packages in general is to subscribe to the Atom feeds provided by Libraries.io . For example, https://libraries.io/pypi/flake8/versions.atom ; at work, I subscribed a Slack channel to most of the ones we care about so it gets a stream of all potentially interesting new releases. Last I checked, PyPI itself doesn't have anything this granular, just a single high-volume feed for all releases of all packages (which may be what Libraries.io processes to produce its individual package feeds). I'd be interested in hearing if anybody else has a different solution that works for them. Jeremy On 2022-01-04 16:08, Levi Muniz wrote:
Links: ------ [1] https://twitter.com/quantumcorp [2] https://www.linkedin.com/company/quantum [3] https://www.quantum.com/?utm_source=quantum-email&utm_medium=email-signa...
On Tue, Jan 04, 2022 at 11:03:34PM -0500, Jeremy Bowman wrote:
The "release history" page of every PyPI package has an "RSS feed" link: https://pypi.org/project/flake8/#history https://pypi.org/rss/project/flake8/releases.xml FWIW this hasn't been there for forever, but I got curious. It got added some 1.5 years ago: https://github.com/pypa/warehouse/pull/7013 Florian -- me@the-compiler.org | https://www.qutebrowser.org https://bruhin.software/ | https://github.com/sponsors/The-Compiler/ GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
Thanks for the suggestions so far! I'll probably end up doing some combination of reading from RSS/Atom then emailing myself with the updates. There seems to be a few services that can do this, but most of them require creating an account and cost money at a certain point. Might be a fun side project for me. :P It's bizarre to me that there's no real standard push-style solution to this problem yet. RSS is great, though I haven't considered using it until now. It'd be a bit of an outlier for me to do that just for flake8. Just some interesting thoughts: Who should be responsible for notifying users of new releases? Developers themselves? Package repositories? SCM systems? What format would be most widely accepted? The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through security software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.
On Thu, Jan 6, 2022 at 7:20 AM Levi Muniz <Levi.Muniz@quantum.com> wrote:
That's definitely your prerogative
There are tonnes of services that will send you change requests with updated dependencies. A few examples - If you're already using GitHub, dependabot can do it. pyup.io can do it. Snyk can do package updates (at least for security updates). This is actually a solved problem, you just need to pick your solution.
If GitHub weren't trying to lock down all aspects of development, they could do this based on when a tag is published. Instead, they want developers to do more work to lock them and their users into the platform by publishing releases and release artifacts. As soon as you start doing that, you get people complaining that all artifacts starting at the dawn of the project aren't published, and if one developer takes it upon themselves to publish one release, any future releases done by someone else suddenly become "missing". PyPI is already doing its best to operate at scale and is thoroughly abused by some automations. As a result, they've removed certain APIs. To ask them to implement this would be unreasonable in my opinion unless there were a better way to fund its operation and development.
On Thu, Jan 06, 2022 at 02:03:32AM +0000, Levi Muniz wrote:
I fail to see how mail is somehow more "push-style" than RSS/Atom is, at least from an user's perspective. Running a mail client and running an RSS client seems pretty much the same thing. I'd consider RSS pretty much the standard solution for this. I use it for dozens of blogs I read, web comics (XKCD and such), various social networks (e.g. Reddit), package releases for different ecosystems, etc. etc. Hell, even Google Search alerts and other high-profile websites. Many websites provide such feeds, and for those which don't, projects like https://github.com/RSS-Bridge/rss-bridge or services like https://fetchrss.com/ exist which parse the websites and turn them into a feed. Florian -- me@the-compiler.org | https://www.qutebrowser.org https://bruhin.software/ | https://github.com/sponsors/The-Compiler/ GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
The cleanest way I've found so far to do this for PyPI packages in general is to subscribe to the Atom feeds provided by Libraries.io . For example, https://libraries.io/pypi/flake8/versions.atom ; at work, I subscribed a Slack channel to most of the ones we care about so it gets a stream of all potentially interesting new releases. Last I checked, PyPI itself doesn't have anything this granular, just a single high-volume feed for all releases of all packages (which may be what Libraries.io processes to produce its individual package feeds). I'd be interested in hearing if anybody else has a different solution that works for them. Jeremy On 2022-01-04 16:08, Levi Muniz wrote:
Links: ------ [1] https://twitter.com/quantumcorp [2] https://www.linkedin.com/company/quantum [3] https://www.quantum.com/?utm_source=quantum-email&utm_medium=email-signa...
Levi, On Wed, 5 Jan 2022 at 08:24, Levi Muniz <Levi.Muniz@quantum.com> wrote:
Try https://pypi.org/rss/project/flake8/releases.xml -- Regards, Christian Heinrich http://cmlh.id.au/contact
The cleanest way I've found so far to do this for PyPI packages in general is to subscribe to the Atom feeds provided by Libraries.io . For example, https://libraries.io/pypi/flake8/versions.atom ; at work, I subscribed a Slack channel to most of the ones we care about so it gets a stream of all potentially interesting new releases. Last I checked, PyPI itself doesn't have anything this granular, just a single high-volume feed for all releases of all packages (which may be what Libraries.io processes to produce its individual package feeds). I'd be interested in hearing if anybody else has a different solution that works for them. Jeremy On 2022-01-04 16:08, Levi Muniz wrote:
Links: ------ [1] https://twitter.com/quantumcorp [2] https://www.linkedin.com/company/quantum [3] https://www.quantum.com/?utm_source=quantum-email&utm_medium=email-signa...
On Tue, Jan 04, 2022 at 11:03:34PM -0500, Jeremy Bowman wrote:
The "release history" page of every PyPI package has an "RSS feed" link: https://pypi.org/project/flake8/#history https://pypi.org/rss/project/flake8/releases.xml FWIW this hasn't been there for forever, but I got curious. It got added some 1.5 years ago: https://github.com/pypa/warehouse/pull/7013 Florian -- me@the-compiler.org | https://www.qutebrowser.org https://bruhin.software/ | https://github.com/sponsors/The-Compiler/ GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
Thanks for the suggestions so far! I'll probably end up doing some combination of reading from RSS/Atom then emailing myself with the updates. There seems to be a few services that can do this, but most of them require creating an account and cost money at a certain point. Might be a fun side project for me. :P It's bizarre to me that there's no real standard push-style solution to this problem yet. RSS is great, though I haven't considered using it until now. It'd be a bit of an outlier for me to do that just for flake8. Just some interesting thoughts: Who should be responsible for notifying users of new releases? Developers themselves? Package repositories? SCM systems? What format would be most widely accepted? The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through security software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.
On Thu, Jan 6, 2022 at 7:20 AM Levi Muniz <Levi.Muniz@quantum.com> wrote:
That's definitely your prerogative
There are tonnes of services that will send you change requests with updated dependencies. A few examples - If you're already using GitHub, dependabot can do it. pyup.io can do it. Snyk can do package updates (at least for security updates). This is actually a solved problem, you just need to pick your solution.
If GitHub weren't trying to lock down all aspects of development, they could do this based on when a tag is published. Instead, they want developers to do more work to lock them and their users into the platform by publishing releases and release artifacts. As soon as you start doing that, you get people complaining that all artifacts starting at the dawn of the project aren't published, and if one developer takes it upon themselves to publish one release, any future releases done by someone else suddenly become "missing". PyPI is already doing its best to operate at scale and is thoroughly abused by some automations. As a result, they've removed certain APIs. To ask them to implement this would be unreasonable in my opinion unless there were a better way to fund its operation and development.
On Thu, Jan 06, 2022 at 02:03:32AM +0000, Levi Muniz wrote:
I fail to see how mail is somehow more "push-style" than RSS/Atom is, at least from an user's perspective. Running a mail client and running an RSS client seems pretty much the same thing. I'd consider RSS pretty much the standard solution for this. I use it for dozens of blogs I read, web comics (XKCD and such), various social networks (e.g. Reddit), package releases for different ecosystems, etc. etc. Hell, even Google Search alerts and other high-profile websites. Many websites provide such feeds, and for those which don't, projects like https://github.com/RSS-Bridge/rss-bridge or services like https://fetchrss.com/ exist which parse the websites and turn them into a feed. Florian -- me@the-compiler.org | https://www.qutebrowser.org https://bruhin.software/ | https://github.com/sponsors/The-Compiler/ GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
participants (6)
-
Christian Heinrich -
Florian Bruhin -
Ian Stapleton Cordasco -
Jeremy Bowman -
Jeremy Bowman -
Levi Muniz