current release version of txsocks (1.13.0.0rc2) does not adhere to PEP-0386

[evilaliv3]

current release version of txsocks (1.13.0.0rc2) does not adhere to PEP-0386

http://www.python.org/dev/peps/pep-0386/

this causes distutils to not validate it.

bug spotted while running globaleaks setup.py with: python setup.py install

Traceback (most recent call last):
  File "setup.py", line 114, in <module>
    requires = get_requires(),
  File "/usr/lib/python2.7/distutils/core.py", line 112, in setup
    _setup_distribution = dist = klass(attrs)
  File "/usr/lib/python2.7/distutils/dist.py", line 259, in __init__
    getattr(self.metadata, "set_" + key)(val)
  File "/usr/lib/python2.7/distutils/dist.py", line 1220, in set_requires
    distutils.versionpredicate.VersionPredicate(v)
  File "/usr/lib/python2.7/distutils/versionpredicate.py", line 115, in __init__
    self.pred = [splitUp(aPred) for aPred in str.split(",")]
  File "/usr/lib/python2.7/distutils/versionpredicate.py", line 25, in splitUp
    return (comp, distutils.version.StrictVersion(verStr))
  File "/usr/lib/python2.7/distutils/version.py", line 40, in __init__
    self.parse(vstring)
  File "/usr/lib/python2.7/distutils/version.py", line 107, in parse
    raise ValueError, "invalid version number '%s'" % vstring
ValueError: invalid version number '1.13.0.0rc2'

@habnabit @hellais

[dstufft]

That version number should be fine, can you tell me how you generated that error? The globaleaks/GlobaLeaks repository doesn't seem to have a setup.py

[habnabit]

Hi! Thanks for the ticket.

However, the version 1.13.0.0rc2 is valid according to PEP 386; see http://codepad.org/geqxJCbn. The problem here is that distutils.version does not validate against PEP 386. If you want to make your project depend on a newer version of txsocksx, I would recommend either:

1. Use setuptools instead of distutils for dependency management, since setuptools knows how to parse version numbers like this.
2. Instead of depending specifically on releases newer than a particular release candidate (if you're using distutils 'requires'), say >1.0.0. I would hope that that would match 1.13.0.0rc2.

[evilaliv3]

mmm i dont think so @dstufft / @habnabit:

PEP 383 states: " version number consists of two or three dot-separated numeric components, with an optional "pre-release" tag on the end. " and also expose some examples of fine and bad versions and i think this is one of the bad one.

can you please reverify?

you are strongly correct with this:

• we are using distutils
• it's correct to fix with > 1

by the way i've fixed using:

######################################################################
# Temporary fix to https://github.com/globaleaks/GlobaLeaks/issues/572
#                  https://github.com/habnabit/txsocksx/issues/5
from distutils import version
version.StrictVersion = version.LooseVersion
######################################################################

this is our setup.py: https://github.com/globaleaks/GLBackend/blob/master/setup.py

[dstufft]

I'm sure it's fine via pep 386 and the newer pep 440

The problem us StrictVersion predates the pep and few people notice because the requires keyword (basically the only place strict version is used) is basically useless. It doesn't list things you install from PyPI it lists things you actually import in your code. Nothing uses it except to display on PyPI.

You probably want the setuptools install_requires keyword.

On Sep 4, 2013, at 4:05 PM, Giovanni Pellerano notifications@github.com wrote:

mmm i dont think so @dstufft / @habnabit:

PEP 383 states: " version number consists of two or three dot-separated numeric components, with an optional "pre-release" tag on the end. " and also expose some examples of fine and bad versions and i think this is one of the bad one.

can you please reverify?

you are strongly correct with this:

we are using distutils
it's correct to fix with > 1
by the way i've fixed using:
######################################################################

Temporary fix to globaleaks/globaleaks-whistleblowing-software#572

#5

from distutils import version
version.StrictVersion = version.LooseVersion
######################################################################

this is our setup.py: https://github.com/globaleaks/GLBackend/blob/master/setup.py

—
Reply to this email directly or view it on GitHub.

[evilaliv3]

ok thanks =)

[habnabit]

@evilaliv3 can you confirm that the issue is resolved for you now?

The thing you're quoting about "two or three dot-separated numeric components" is PEP 386 itself quoting the StrictVersion docstring. It is not describing what PEP 386 allows. This is the format that PEP 386 describes:

N.N[.N]+[{a|b|c|rc}N[.N]+][.postN][.devN]

[evilaliv3]

ok so you are saying that you are not using the strict format? i'm correct?

if yes, yes i'm currently fine with:
version.StrictVersion = version.LooseVersion
and we will probably change to setuptools in future.

you can close the thicket for me.

[habnabit]

"Loose" and "strict" are artifacts of how distutils used to do versions,
and aren't a part of PEP 386. The version 1.13.0.0rc2 is a PEP
386-compliant version which doesn't validate against the old distutils
StrictVersion.

I'll go ahead and close the ticket.

[evilaliv3]

perfect :) really thanks for the fast response and technical analysis