easy_install installing beta version of psycopg2
Hello,
trying to install psycopg2 via easy_install (distribute 0.6.14), the user received the version 2.4 beta2 instead of the latest stable 2.3.1.
2.4 beta2 has never been uploaded on PyPI and is not even listed in the http://pypi.python.org/simple/psycopg2/
I think this is a serious issue. Any solution? Thanks.
-- Daniele
On 02/16/2011 05:35 AM, Daniele Varrazzo wrote:
> Hello,
> trying to install psycopg2 via easy_install (distribute 0.6.14), the user received the version 2.4 beta2 instead of the latest stable 2.3.1.
> 2.4 beta2 has never been uploaded on PyPI and is not even listed in the http://pypi.python.org/simple/psycopg2/
> I think this is a serious issue. Any solution? Thanks.
easy_install is finding the link to 2.4 beta2 on the homepage (http://initd.org/psycopg/) listed for the 2.3.2 release. This is documented behavior, FWIW:
http://peak.telecommunity.com/DevCenter/EasyInstall#id6
You could work around that issue using '--allow-hosts' to restrict downloads to those actually on PyPI:
http://peak.telecommunity.com/DevCenter/EasyInstall#id13
Tres.
--
Tres Seaver +1 540-429-0999 tseaver@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
On Wed, Feb 16, 2011 at 10:35 AM, Daniele Varrazzo wrote:
> Hello,
> trying to install psycopg2 via easy_install (distribute 0.6.14), the user received the version 2.4 beta2 instead of the latest stable 2.3.1.
> 2.4 beta2 has never been uploaded on PyPI and is not even listed in the http://pypi.python.org/simple/psycopg2/
> I think this is a serious issue. Any solution? Thanks.
Tres Seaver wrote:
> easy_install is finding the link to 2.4 beta2 on the homepage (http://initd.org/psycopg/) listed for the 2.3.2 release. This is documented behavior, FWIW:
What I read is that "easy_install <name>" "Install a package by name, searching PyPI for the latest version, and automatically downloading, building, and installing it." PyPI has unambiguous specification that the latest stable release is "2.3.2": parsing the download page is a type of intelligence I don't expect to work. Otherwise what is the point of avoiding uploading beta releases on PyPI?
> You could work around that issue using '--allow-hosts' to restrict downloads to those actually on PyPI:
This solution is for the easy_install user installing the module, as much as explicitly specifying a revision. This implies that the user knows there is a problem with easy_install and he may not get what expected (i.e. a production-ready release), which is a possibility that I honestly didn't even consider until yesterday.
I am not a module user instead: I am the packager of the module, and I know what the users want in case they don't ask for a specific release in the past or in the future, so I took care to specify it on PyPI. Do I, as a packager, have the possibility to say "what I have specified on PyPI as stable release is exactly what I mean"?
On PyPI there is *a single* version not hidden of psycopg. On http://pypi.python.org/pypi/psycopg2 there is a big fat link to a "psycopg2-2.3.2.tar.gz" package.
There is really *no temptation to guess*. Why does easy_install follow a page meant for human, containing more than one link, and then download one of them at random?
Sorry but I am really not getting the point of this effort.
Is there a tool I can suggest to the users instead of easy_install to install the correct version from pypi, and possibly not requiring a writable egg cache (see http://stackoverflow.com/questions/4212240/importerror-cannot-import-name-tz...) to further complicate their lives?
Thank you.
-- Daniele
> On PyPI there is *a single* version not hidden of psycopg. On http://pypi.python.org/pypi/psycopg2 there is a big fat link to a "psycopg2-2.3.2.tar.gz" package.
easy_install doesn't consider this page at all (anymore). Instead, it considers the "simple" API, which lists the files uploaded to PyPI and the download urls alike.
> There is really *no temptation to guess*. Why does easy_install follow a page meant for human, containing more than one link, and then download one of them at random?
It doesn't download at random. If no version is specified, it downloads the most recent version.
> Is there a tool I can suggest to the users instead of easy_install to install the correct version from pypi
I normally use aptitude to install Python packages. In order to install from PyPI specifically, I use Google Chrome.
Regards,
Martin
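The link handling discussed in this thread, as an added example that is not part of the original messages and is not easy_install's own code: it splits the links of a "simple" index page by a comma-separated list of host glob patterns, modelled on the `--allow-hosts` option mentioned above. The page content, the host names and the names `LinkCollector` and `filter_links` are constructed for illustration.

```python
from fnmatch import fnmatchcase
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a "simple" index page for a hypothetical project
# (not a capture of the real psycopg2 page). The rel="homepage" and
# rel="download" links point off the index to the project's own site.
SIMPLE_PAGE = """
<a href="http://pypi.example.org/packages/demo-1.0.tar.gz">demo-1.0.tar.gz</a>
<a href="http://project.example.net/demo/" rel="homepage">1.0 home_page</a>
<a href="http://project.example.net/files/demo-1.1b2.tar.gz" rel="download">1.1b2 download_url</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, rel) for every <a> tag on an index page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attr = dict(attrs)
            if attr.get("href"):
                self.links.append((attr["href"], attr.get("rel") or ""))


def filter_links(page_html, allow_hosts="*"):
    """Split index links into (allowed, blocked) lists of (url, rel).

    allow_hosts is a comma-separated list of glob patterns; each pattern
    must match the whole host[:port] part of a URL for it to be allowed.
    The default "*" allows every host, which is how off-index links get in.
    """
    patterns = [p.strip().lower() for p in allow_hosts.split(",") if p.strip()]
    collector = LinkCollector()
    collector.feed(page_html)
    allowed, blocked = [], []
    for href, rel in collector.links:
        host = urlparse(href).netloc.lower()
        ok = any(fnmatchcase(host, p) for p in patterns)
        (allowed if ok else blocked).append((href, rel))
    return allowed, blocked


if __name__ == "__main__":
    for label, hosts in (("default", "*"), ("restricted", "*.example.org")):
        allowed, blocked = filter_links(SIMPLE_PAGE, hosts)
        print(label, "allowed:", [url for url, _ in allowed])
        print(label, "blocked:", blocked)
```

With the default pattern all three links are candidates, including the beta archive on the project site; with the restricted pattern only the file hosted on the index remains.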
participants (3)
- "Martin v. Löwis"
- Daniele Varrazzo
- Tres Seaver