Mailman 3 easy_install installing beta version of psycopg2 - Distutils-SIG

newer
zc.buildout: the extended-by option

easy_install installing beta version of psycopg2

Daniele Varrazzo

16 Feb 2011 16 Feb '11

5:35 a.m.

Hello, trying to install psycopg2 via easy_install (distribute 0.6.14), the user received the version 2.4 beta2 instead of the latest stable 2.3.1. 2.4 beta2 has never been uploaded on PyPI and is not even listed in the http://pypi.python.org/simple/psycopg2/ I think this is a serious issue. Any solution? Thanks. -- Daniele

Show replies by date

Tres Seaver

16 Feb 16 Feb

11:37 a.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/16/2011 05:35 AM, Daniele Varrazzo wrote:

...

Hello,

trying to install psycopg2 via easy_install (distribute 0.6.14), the user received the version 2.4 beta2 instead of the latest stable 2.3.1.

2.4 beta2 has never been uploaded on PyPI and is not even listed in the http://pypi.python.org/simple/psycopg2/

I think this is a serious issue. Any solution? Thanks.

easy_install is finding the link to 2.4 beta2 on the homepage (http://initd.org/psycopg/) listed for the 2.3.2 release. This is documented behavior, FWIW: http://peak.telecommunity.com/DevCenter/EasyInstall#id6 You could work around that issue using '--allow-hosts' to restrict downloads to those actually on PyPI: http://peak.telecommunity.com/DevCenter/EasyInstall#id13 Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1b/TMACgkQ+gerLs4ltQ6LWACfVlH84UIFfQl4durQZdpvEVBl JPcAn0m2GjSIzg4gbi47jxJix+dihuxn =mvL8 -----END PGP SIGNATURE-----

Daniele Varrazzo

12:47 p.m.

...

On Wed, Feb 16, 2011 at 10:35 AM, Daniele Varrazzo wrote:

...
Hello,

trying to install psycopg2 via easy_install (distribute 0.6.14), the user received the version 2.4 beta2 instead of the latest stable 2.3.1.

2.4 beta2 has never been uploaded on PyPI and is not even listed in the http://pypi.python.org/simple/psycopg2/

I think this is a serious issue. Any solution? Thanks.

Tres Seave Wrote:

...

easy_install is finding the link to 2.4 beta2 on the homepage (http://initd.org/psycopg/) listed for the 2.3.2 release. This is documented behavior, FWIW:

http://peak.telecommunity.com/DevCenter/EasyInstall#id6

What I read is that "easy_install <name>" "Install a package by name, searching PyPI for the latest version, and automatically downloading, building, and installing it." PyPI has unambiguous specification that the latest stable release is "2.3.2": parsing the download page is a type of intelligence I don't expect to work. Otherwise what is the point of avoiding uploading beta releases on PyPI?

...

You could work around that issue using '--allow-hosts' to restrict downloads to those actually on PyPI:

http://peak.telecommunity.com/DevCenter/EasyInstall#id13

This solution is for the easy_install user installing the module, as much as explicitly specifying a revision. This implies that the user knows there is a problem with easy_install and he may not get what expected (i.e. a production-ready release), which is a possibility that I honestly didn't even consider until yesterday. I am not a module user instead: I am the packager of the module, and I know what the users want in case they don't ask for a specific release in the past or in the future, so I took care to specify it on PyPI. Do I, as a packager, have the possibility to say "what I have specified on PyPI as stable release is exactly what I mean"? On PyPI there is *a single* version not hidden of psycopg. On http://pypi.python.org/pypi/psycopg2 there is a big fat link to a "psycopg2-2.3.2.tar.gz" package. There is really *no temptation to guess*. Why does easy_install follow a page meant for human, containing more than one link, and then download one of them at random? Sorry but I am really not getting the point of this effort. Is there a tool I can suggest to the users instead of easy_install to install the correct version from pypi, and possibly not requiring a writable egg cache (see http://stackoverflow.com/questions/4212240/importerror-cannot-import-name-tz...) to further complicate their lives? Thank you. -- Daniele

"Martin v. Löwis"

3:09 p.m.

...

On PyPI there is *a single* version not hidden of psycopg. On http://pypi.python.org/pypi/psycopg2 there is a big fat link to a "psycopg2-2.3.2.tar.gz" package.

easy_install doesn't consider this page at all (anymore). Instead, it considers the "simple" API, which lists the files uploaded to PyPI and the download urls alike.

...

There is really *no temptation to guess*. Why does easy_install follow a page meant for human, containing more than one link, and then download one of them at random?

It doesn't download at random. If no version is specified, it downloads the most recent version.

...

Is there a tool I can suggest to the users instead of easy_install to install the correct version from pypi

I normally use aptitude to install Python packages. In order to install from PyPI specifically, I use Google Chrome. Regards, Martin

4815

Age (days ago)

4815

Last active (days ago)

List overview

Download

3 comments

3 participants

participants (3)

"Martin v. Löwis"
Daniele Varrazzo
Tres Seaver

easy_install installing beta version of psycopg2

Daniele Varrazzo

Tres Seaver

Daniele Varrazzo

"Martin v. Löwis"

tags

participants (3)