I have noticed an inconsistency between pypiserver and pypi.python.org with a certain package which is fairly unusual in its naming/versioning. The package in question is python-owasp-zap-v2.4.
The package can be installed from pypi.python.org using pip install python-owasp-zap-v2.4 resulting in an installed version of 0.0.7. The same fails on a locally deployed pypiserver as the package name appears as python-owasp-zap on this server.
It looks as though the regex used by pypiserver is splitting (and consuming) the package name on the occurrence of -v resulting in python-owasp-zap and a version of 2.4-0.0.7. Not 100% but I think a version in this format is invalid so potentially pypiserver needs a revised regex or some additional logic to check for such cases. Interestingly this worked back in older versions and looks to have been impacted by commit - 2d0de09
I'm open to working on providing such a fix if my above analysis makes sense and seems correct, but before I look into it I wanted to get feedback as I may have interpreted the problem incorrectly here.
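The split reported above, reproduced as an added illustration that is not pypiserver's code: the naive pattern, the function names and the sample filename are constructed assumptions, and the version check is a simplified approximation of PEP 440. It contrasts splitting at the first version-looking hyphen with splitting at the last hyphen and validating the result, assuming the version itself contains no hyphen.

```python
import re

# Hypothetical naive pattern (an assumption, NOT pypiserver's actual regex):
# the version starts at the first "-" or "-v" that is followed by a digit.
NAIVE = re.compile(r"^(?P<name>.+?)-v?(?P<version>\d.*)$")

# Simplified PEP 440 shape check (release plus optional pre/post/dev parts).
SIMPLE_PEP440 = re.compile(r"^\d+(\.\d+)*((a|b|rc)\d+)?(\.post\d+)?(\.dev\d+)?$")

SDIST_EXTS = (".tar.gz", ".tar.bz2", ".tgz", ".zip")


def stem(filename):
    """Drop the archive extension from an sdist filename."""
    for ext in SDIST_EXTS:
        if filename.endswith(ext):
            return filename[: -len(ext)]
    raise ValueError(f"not an sdist archive: {filename!r}")


def is_valid_version(version):
    """True when the string has the simplified PEP 440 shape above."""
    return SIMPLE_PEP440.match(version) is not None


def naive_split(filename):
    """Split at the first version-looking hyphen, as the issue describes."""
    m = NAIVE.match(stem(filename))
    if m is None:
        raise ValueError(f"no version found in {filename!r}")
    return m.group("name"), m.group("version")


def rightmost_split(filename):
    """Split at the last hyphen and reject anything that is not a version."""
    name, sep, version = stem(filename).rpartition("-")
    if not sep or not name or not is_valid_version(version):
        raise ValueError(f"cannot parse name/version from {filename!r}")
    return name, version


if __name__ == "__main__":
    # Constructed filename built from the name and version quoted in the issue.
    sample = "python-owasp-zap-v2.4-0.0.7.tar.gz"
    for split in (naive_split, rightmost_split):
        name, version = split(sample)
        print(split.__name__, name, version, is_valid_version(version))
```

For an index operator the useful check is the validation step: a parsed version that fails it signals that the file would be listed under a different project name than the one the uploader intended.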