Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread PJ Eby
On Mon, Sep 30, 2013 at 6:06 PM, Marcus Smith  wrote:
>>
>> > how will context decide between the version being "dev" or "xdist-dev"?
>>
>> By whether you asked to install "pytest-xdist" or "pytest", and by
>> whether "dev" or "xdist-dev" match your version requirements.  In
>> practice this tends to only be a problem if you are:
>>
>> 1. Installing the two packages during the same run, and
>> 2. Aren't using version specifiers.
>
>
> #2 is a big deal.  the pip issue (#1192) that motivated this was a #2. local
> find-links with non-versioned requirements.

I should probably add a #3 to that list: it's also rarely a problem
because usually there's at least one *numbered* version of the desired
package available, which will always prioritize newer than an
arbitrary alphabetic version like "xdist", even if you haven't
requested a specific version.

IOW, you need to not only not request a version and come across the
other package in the same run, but you *also* need for there not to be
any valid versions of your intended target present.


> so, suppose you have "pytest-xdist-dev.tar.gz" in a find-links location.
> whether you're trying to install "pytest" or "pytest-xdist" doesn't help the
> installer determine how to parse that archive.

In easy_install's case, it will take the one with the highest version
number, which means it'll try to install pytest-xdist-dev.tar.gz, on
the theory that 'xdist-dev' is a newer version than 'dev'.  This is
kind of silly, but it was the Simplest Possible Thing That Could Work,
and I figured I'd change it when there was enough feedback/field
experience to decide what to change it to.  ;-)

Probably the "right" thing to do would be to warn or decline on
ambiguous filenames in the future, since it is quite possible to
detect if a filename has more than one possible interpretation.
Another possibility would be to treat them analagously to
stable/unstable versions, prioritize them below regular matches, etc.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread Marcus Smith
>
>
> > how will context decide between the version being "dev" or "xdist-dev"?
>
> By whether you asked to install "pytest-xdist" or "pytest", and by
> whether "dev" or "xdist-dev" match your version requirements.  In
> practice this tends to only be a problem if you are:
>
> 1. Installing the two packages during the same run, and
> 2. Aren't using version specifiers.
>

#2 is a big deal.  the pip issue (#1192) that motivated this was a #2.
local find-links with non-versioned requirements.
so, suppose you have "pytest-xdist-dev.tar.gz" in a find-links location.
whether you're trying to install "pytest" or "pytest-xdist" doesn't help
the installer determine how to parse that archive.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread PJ Eby
On Mon, Sep 30, 2013 at 4:11 PM, Marcus Smith  wrote:
>
>> The setuptools.package_index API, however, *does* support parsing
>> sdist names, it's just that it generates a *list* of possibilities,
>
>
> oh, ok, "setuptools.package_index.distros_for_url"
>
>>
>> Thus, tools using this API can contextually decide which to consider
>> the "real" interpretation, based on context.  This method is used by
>> easy_install; I don't know if pip does as well.
>
>
> how will context decide between the version being "dev" or "xdist-dev"?

By whether you asked to install "pytest-xdist" or "pytest", and by
whether "dev" or "xdist-dev" match your version requirements.  In
practice this tends to only be a problem if you are:

1. Installing the two packages during the same run, and
2. Aren't using version specifiers.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread Marcus Smith
> The setuptools.package_index API, however, *does* support parsing
> sdist names, it's just that it generates a *list* of possibilities,
>

oh, ok, "setuptools.package_index.distros_for_url"


> Thus, tools using this API can contextually decide which to consider
> the "real" interpretation, based on context.  This method is used by
> easy_install; I don't know if pip does as well.
>

how will context decide between the version being "dev" or "xdist-dev"?

> - pip will accept this as a "pytest" archive and install it potentially if
> > no other version matches greater.
>
> Does it also accept it as "pytest-xdist"?


yes. without getting into too many details, pip basically searches for
matches by comparing the archive name with "-".
I.e when looking for "pytest" archives, match on "pytest-".  and the
version is the rest.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread Marcus Smith
> > what's the right answer?
>
> IMO it should be ignored, i.e. be rejected as a candidate for installation.
> (If pointing pip to the local file it's different of course).
> This particular name isn't a real-life use case, is it?
>

the real life issue that motivated this is
https://github.com/pypa/pip/issues/1192
what we discovered was that pip was allowing 'pytest-xdist' archives to
fulfill a pytest requirement.

to fix it, I was going to start using distlib's split_filename, but then
noticed it didn't accept "dev" as a version, and one of pip's tests were
failing as a result (which was specifically confirming pip could install
"dev" versions)

Vinay has just pushed an update to split_filename to handle the dev case
(and others)
https://bitbucket.org/pypa/distlib/commits/22c38563185bf13bfd267efc88d147a51e9880e3
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread holger krekel
On Mon, Sep 30, 2013 at 10:55 -0700, Marcus Smith wrote:
> so, take a case like so  "pytest-xdist-dev.tar.gz" (or any sdist with "-"
> in the project name, and a version starting with a string)
> 
> I think it's like so:
> - pkg_resources.Distribution.from_location will treat "xdist-dev" as the
> version.
> - distlib.util.split_filename won't parse it because versions have to start
> with [0-9].
> - pip will accept this as a "pytest" archive and install it potentially if
> no other version matches greater.
> 
> what's the right answer?

IMO it should be ignored, i.e. be rejected as a candidate for installation.
(If pointing pip to the local file it's different of course).
This particular name isn't a real-life use case, is it?

best,
holger

> The historical-compatible answer is to be confused when projects have "-".
> so stay confused? or get rigid like distlib?


> 
> Marcus

> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread PJ Eby
On Mon, Sep 30, 2013 at 1:55 PM, Marcus Smith  wrote:
> so, take a case like so  "pytest-xdist-dev.tar.gz" (or any sdist with "-" in
> the project name, and a version starting with a string)
>
> I think it's like so:
> - pkg_resources.Distribution.from_location will treat "xdist-dev" as the
> version.
> - distlib.util.split_filename won't parse it because versions have to start
> with [0-9].

For these APIs, these are reasonable defaults, because they are
intended only to parse *unambiguous* filenames.  Neither API should be
used with sdist files, because sdist filenames are ambiguous and
cannot therefore be parsed to a single name.

The setuptools.package_index API, however, *does* support parsing
sdist names, it's just that it generates a *list* of possibilities,
rather than a single unambiguous interpretation of the filename.  If
you ask it to parse the example you gave, you will get a list of:

* Project "pydist", version "xdist-dev"
* Project "pydist-xdist", version "dev"
* Project "pydist-xdist-dev", no version

Thus, tools using this API can contextually decide which to consider
the "real" interpretation, based on context.  This method is used by
easy_install; I don't know if pip does as well.

> - pip will accept this as a "pytest" archive and install it potentially if
> no other version matches greater.

Does it also accept it as "pytest-xdist"?


> what's the right answer?

It depends on what you want, and whether what you want is compatible
with reality.  ;-)


> The historical-compatible answer is to be confused when projects have "-".
> so stay confused? or get rigid like distlib?

The future sdist format should not be ambiguous like this.  Dealing
with ambiguity in past packages is for the moment something of a
requirement if you are making a general-use tool.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread Paul Moore
On 30 September 2013 18:55, Marcus Smith  wrote:
> so, take a case like so  "pytest-xdist-dev.tar.gz" (or any sdist with "-" in
> the project name, and a version starting with a string)
>
> I think it's like so:
> - pkg_resources.Distribution.from_location will treat "xdist-dev" as the
> version.
> - distlib.util.split_filename won't parse it because versions have to start
> with [0-9].
> - pip will accept this as a "pytest" archive and install it potentially if
> no other version matches greater.
>
> what's the right answer?
>
> The historical-compatible answer is to be confused when projects have "-".
> so stay confused? or get rigid like distlib?

tl;dr Let's have a strict standard and then tools should go for the
usual "be lenient in what you accept, but strict in what you produce"
principle.

To expand on that, IMO, we should specify in one of the metadata-type
PEPs a set of precise, parseable rules (I avoid the word "rigid" here
because of the negative connotations, but that's what I mean).
Projects that need to may or may not change to conform to the spec, so
there may still be cases where tools have to be confused for backward
compatibility reasons, but at least we then make those cases into
clearly expressed "undefined behaviour" cases.

Whether tools converge on a common understanding for those cases, or
remain confused as now, is less of an issue to me, as the clear
message is that the project has a means to get consistent behaviour by
changing to match the standard, and if they choose not to they can
accept the consequences with no worse impact than we currently have.

But I'd also agree with Donald that stats on the scale of the problem
would help to better inform a decision here.

Paul.
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


Re: [Distutils] unparseable sdist filenames

2013-09-30 Thread Donald Stufft

On Sep 30, 2013, at 1:55 PM, Marcus Smith  wrote:

> so, take a case like so  "pytest-xdist-dev.tar.gz" (or any sdist with "-" in 
> the project name, and a version starting with a string)
> 
> I think it's like so:
> - pkg_resources.Distribution.from_location will treat "xdist-dev" as the 
> version.
> - distlib.util.split_filename won't parse it because versions have to start 
> with [0-9].
> - pip will accept this as a "pytest" archive and install it potentially if no 
> other version matches greater.
> 
> what's the right answer?
> 
> The historical-compatible answer is to be confused when projects have "-".
> so stay confused? or get rigid like distlib?
> 
> Marcus
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig

I think we're going to need more data to figure out a solution. We need to see 
how many things are going to be affected by this. If it's not a massive amount 
I think we should get strict.

-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


[Distutils] unparseable sdist filenames

2013-09-30 Thread Marcus Smith
so, take a case like so  "pytest-xdist-dev.tar.gz" (or any sdist with "-"
in the project name, and a version starting with a string)

I think it's like so:
- pkg_resources.Distribution.from_location will treat "xdist-dev" as the
version.
- distlib.util.split_filename won't parse it because versions have to start
with [0-9].
- pip will accept this as a "pytest" archive and install it potentially if
no other version matches greater.

what's the right answer?

The historical-compatible answer is to be confused when projects have "-".
so stay confused? or get rigid like distlib?

Marcus
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig