[Catalog-sig] Stable-releases-only PyPi

Ben Finney ben+python at benfinney.id.au
Tue Jul 12 23:55:52 CEST 2011


Tres Seaver <tseaver at palladion.com> writes:

> On 07/12/2011 09:25 AM, Éric Araujo wrote:
> >> On 07/11/2011 08:41 AM, Éric Araujo wrote:

> >>> I was under the impression that PEP 386 only defined the syntax of
> >>> version numbers and a comparison algo, but no semantics. IOW there
> >>> is no way for a tool to know that 2.6.33 is devel and 2.6.34
> >>> stable, or that 1.0.4 does not break compatibility with 1.0.2, or
> >>> anything else of the sort.
[…]
>
> Hmm?  In what sense would 2.6.33 ever be used for a "devel" release?

Why should it not be? Projects are not bound to insert words anywhere in
their version strings for any state of the code.

I find inserting words into a version string to be ugly and overly
complicated, and I don't recommend it for any project. Fortunately,
conforming with PEP 386 doesn't require anyone to do that.

Nor does PEP 386 define what a version string like “2.6.33” means. It
only says how that version string will sort against other version
strings.

> If my application got broken by a project that made such a release, I
> would be busy ripping out a dependency produced by such an unreliable
> project, not arguing whether PyPI could / should implement some
> "technical measure" to make everything happy.

That expectation (that a development version must have a particular word
inserted in the version string) is unreasonable and has no foundation in
PEP 386.

A tool for automatically producing a “stable-only” mirror can't rely on
the version string containing any information about the development
status of a version; not even one which conforms perfectly to PEP 386.

> If your point is that a "stable-only" mirror could still induce breakage
> on projects which use it blindly, I certainly concur.  In fact, I have
> long asserted that any "integrator" whose production builds use PyPI
> directly is solely responsible for the breakage, when (not if) it occurs.

+1. This is what OS distributions are good for: selecting which package
versions are suitable for the stability of the OS as a whole.

-- 
 \      “I stayed up all night playing poker with tarot cards. I got a |
  `\                  full house and four people died.” —Steven Wright |
_o__)                                                                  |
Ben Finney
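
Added example, not part of the original message and not PEP 386's reference implementation: a simplified Python sketch of the ordering PEP 386 describes, followed by a marker-based "stable-only" filter run over a constructed release list that uses the thread's hypothetical 2.6.33/2.6.34 case. All function names, the release list and its status labels are assumptions made for illustration.

```python
import re

# Simplified PEP 386 syntax: N.N[.N]+[{a|b|c|rc}N[.N]+][.postN][.devN]
VERSION_RE = re.compile(
    r"^(?P<main>\d+\.\d+(?:\.\d+)*)"
    r"(?:(?P<pre>[abc]|rc)(?P<pren>\d+(?:\.\d+)*))?"
    r"(?:\.post(?P<post>\d+))?(?:\.dev(?P<dev>\d+))?$"
)
FINAL = ("f",)  # sorts after 'a', 'b', 'c' and 'dev'

def parse(version):
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError("not a PEP 386 style version: %r" % version)
    return m

def sort_key(version):
    """Ordering key only; it carries no notion of 'stable' or 'compatible'."""
    m = parse(version)
    main = tuple(int(p) for p in m.group("main").split("."))
    pre = FINAL
    if m.group("pre"):
        tag = "c" if m.group("pre") == "rc" else m.group("pre")  # simplification
        pre = (tag,) + tuple(int(p) for p in m.group("pren").split("."))
    tail = []
    if m.group("post"):
        tail += ["f", "post", int(m.group("post"))]
        if not m.group("dev"):
            tail.append("f")
    if m.group("dev"):
        tail += ["dev", int(m.group("dev"))]
    return (main, pre, tuple(tail) or FINAL)

def looks_final(version):
    """All a marker-based filter can see: no a/b/c/rc and no .dev suffix."""
    m = parse(version)
    return m.group("pre") is None and m.group("dev") is None

# Constructed sample. The status is what the (hypothetical) project declares
# out of band; nothing in the version string encodes it.
RELEASES = [("2.6.32", "stable"), ("2.6.33", "devel"),
            ("2.6.34", "stable"), ("2.7a1", "devel")]

def mirror_report(releases):
    """Return (versions admitted by the filter, admitted but declared devel)."""
    admitted = sorted((v for v, _ in releases if looks_final(v)), key=sort_key)
    wrong = [v for v, status in releases if looks_final(v) and status != "stable"]
    return admitted, wrong
```

`mirror_report(RELEASES)` admits 2.6.33 alongside 2.6.32 and 2.6.34, because the only release the filter can exclude is the one carrying a marker (2.7a1).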