On 2023-07-20 20:02, John W. O'Brien wrote: > On 7/20/23 00:32, Charlie Li wrote: >> John W. O'Brien wrote: >>> For net-mgmt/py-pysmi, I also had to patch pyproject.toml [2] to match the >>> port name [3]. >>> >>> [2] https://github.com/lextudio/pysnmp/blob/v5.0.28/pyproject.toml#L2 >>> [3] >>> https://cgit.freebsd.org/ports/diff/net-mgmt/py-pysmi/files/patch-pyproject.toml?id=718622a56caf647e137c7896197e0d6b17dedddb >> Please don't do that unless you are performing name normalisation [0]. While >> this case involves the unfortunate death of the original author and >> maintainer, changing the metadata in this manner is still a lapse in >> software supply chain security/integrity, considering the wider Python >> package ecosystem's (most visibly in PyPI) chequered history in this area. >> >> [0] https://packaging.python.org/en/latest/specifications/name-normalization/ >> > > How would you have us handle this instead?
Ah you may have missed the update[1] to the bug report. I have not yet had a chance to start on a patch. 1: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262906#c9
