[Distutils] easy_install installing beta version of psycopg2

Daniele Varrazzo daniele.varrazzo at gmail.com
Wed Feb 16 18:47:35 CET 2011


> On Wed, Feb 16, 2011 at 10:35 AM, Daniele Varrazzo <daniele.varrazzo at gmail.com> wrote:
>> Hello,
>>
>> trying to install psycopg2 via easy_install (distribute 0.6.14), the
>> user received the version 2.4 beta2 instead of the latest stable
>> 2.3.1.
>>
>> 2.4 beta2 has never been uploaded on PyPI and is not even listed in
>> the http://pypi.python.org/simple/psycopg2/
>>
>> I think this is a serious issue. Any solution? Thanks.

Tres Seaver wrote:
> easy_install is finding the link to 2.4 beta2 on the homepage
> (http://initd.org/psycopg/) listed for the 2.3.2 release.  This is
> documented behavior, FWIW:
>
> http://peak.telecommunity.com/DevCenter/EasyInstall#id6

What I read is that "easy_install <name>" "Install a package by name,
searching PyPI for the latest version, and automatically downloading,
building, and installing it." PyPI has unambiguous specification that
the latest stable release is "2.3.2": parsing the download page is a
type of intelligence I don't expect to work. Otherwise what is the
point of avoiding uploading beta releases on PyPI?

> You could work around that issue using '--allow-hosts' to restrict
> downloads to those actually on PyPI:
>
> http://peak.telecommunity.com/DevCenter/EasyInstall#id13

This solution is for the easy_install user installing the module, as
much as explicitly specifying a revision. This implies that the user
knows there is a problem with easy_install and he may not get what
he expected (i.e. a production-ready release), which is a possibility
that I honestly didn't even consider until yesterday.

I am not a module user instead: I am the packager of the module, and I
know what the users want in case they don't ask for a specific release
in the past or in the future, so I took care to specify it on PyPI. Do
I, as a packager, have the possibility to say "what I have specified
on PyPI as stable release is exactly what I mean"?

On PyPI there is *a single* version not hidden of psycopg. On
http://pypi.python.org/pypi/psycopg2 there is a big fat link to a
"psycopg2-2.3.2.tar.gz" package. There is really *no temptation to
guess*. Why does easy_install follow a page meant for humans,
containing more than one link, and then download one of them at
random? Sorry but I am really not getting the point of this effort.

Is there a tool I can suggest to the users instead of easy_install to
install the correct version from pypi, and possibly not requiring a
writable egg cache (see
http://stackoverflow.com/questions/4212240/importerror-cannot-import-name-tz-psycopg2)
to further complicate their lives?

Thank you.

-- Daniele
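
An added example (not part of the original message, and not easy_install's own code): a simplified model of the link-following discussed in this thread, showing how a homepage link listed on the index leads to the 2.4 beta2 download and how a host allow-list in the style of '--allow-hosts' keeps the choice on PyPI. The page contents, file paths and version ordering below are constructed assumptions.

```python
import re
from fnmatch import fnmatch
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

INDEX_URL = "http://pypi.python.org/simple/psycopg2/"
# Constructed sample pages (nothing is fetched): the index entry and the homepage.
PAGES = {
    INDEX_URL:
        '<a href="/packages/source/p/psycopg2/psycopg2-2.3.2.tar.gz">sdist</a>'
        '<a href="http://initd.org/psycopg/" rel="homepage">2.3.2 home_page</a>',
    "http://initd.org/psycopg/":
        '<a href="/download/psycopg2-2.4-beta2.tar.gz">2.4 beta2</a>'
        '<a href="/docs/">Documentation</a>',
}
SDIST = re.compile(r"psycopg2-(\d+(?:\.\d+)*)(?:-?([a-z]+\d*))?\.tar\.gz$")

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (href, rel) pairs in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.found.append((a["href"], a.get("rel") or ""))

def host_allowed(url, allow_hosts):
    # Glob match on the host name, e.g. "*.python.org"
    return any(fnmatch(urlparse(url).netloc, pat) for pat in allow_hosts)

def candidates(allow_hosts=("*",)):
    """Return {url: sort_key} for every sdist link the crawl reaches."""
    found, queue, seen = {}, [INDEX_URL], set()
    while queue:
        page = queue.pop()
        if page in seen or not host_allowed(page, allow_hosts):
            continue  # a disallowed host is never scanned for links
        seen.add(page)
        parser = Links()
        parser.feed(PAGES.get(page, ""))
        for href, rel in parser.found:
            url = urljoin(page, href)
            m = SDIST.search(url)
            if m and host_allowed(url, allow_hosts):
                release = tuple(int(p) for p in m.group(1).split("."))
                found[url] = (release, m.group(2) is None)  # simplified ordering
            elif rel in ("homepage", "download"):
                queue.append(url)  # the external page gets crawled too
    return found

def best(allow_hosts=("*",)):
    found = candidates(allow_hosts)
    return max(found, key=found.get) if found else None
```

With no restriction `best()` returns the beta tarball on initd.org; `best(("*.python.org",))` returns the 2.3.2 tarball hosted on PyPI.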

