What happened to 0.3.27 and 0.3.26? #124

Closed
zoltan-fedor opened this issue Mar 26, 2019 · 16 comments

Comments

@zoltan-fedor

commented Mar 26, 2019

Hey,
I came here from PyPI after one of our deployments complained about croniter 0.3.27 no longer being available on PyPI.
What happened?
Why was that earlier, recent 8-day-old version pulled suddenly?
Thanks

@artem-panchenko


commented Mar 26, 2019

Same question about 0.3.26.

@zoltan-fedor changed the title from "What happened to 0.3.27?" to "What happened to 0.3.27 and 0.3.26?" Mar 26, 2019

@gerardo-orozco


commented Mar 26, 2019

And 0.3.21...
What is the reasoning behind removing older releases from PyPI?

@DiggidyDave


commented Mar 26, 2019

Removing releases is a no-no. Can we depend on this library going forward?

@alanjcastonguay


commented Mar 26, 2019

Also had builds fail today, with 0.3.27 pinned. #119 is where https://pypi.org/project/croniter/0.3.27/ was stated as released, and that issue is also explicitly in the 0.3.29 release notes. @kiorky what happened here?

@efokschaner


commented Mar 27, 2019

This line of this commit (kiorky@b57519e#diff-b6190f052518a40f7418a056047abbd3R8) makes me wonder if there was some kind of intentional history re-write / unpublish which raises more questions than it answers.

@alanjcastonguay


commented Mar 27, 2019

I haven't found any mention of 0.3.27 in commit history; was there also a force push?

@fbpcchen


commented Mar 27, 2019

Please tell me what happened to 0.3.27!!!

@ojhilt


commented Mar 27, 2019

Deleting old versions can have serious consequences on deployments, and while this thankfully hasn't caused us any downtime, it could have over a long weekend or something like that. PLEASE respect the community and DO NOT delete old releases; this is one of the major causes of problems in Python in general and ideally should be prevented at the PyPI level.

@kiorky closed this Mar 27, 2019

@kiorky

Collaborator

commented Mar 27, 2019

Security problem in the README; you have to upgrade to the new release.

@kiorky

Collaborator

commented Mar 27, 2019

I tried to reupload fixed tarballs to PyPI but it can't be done anymore (see their tracker, it's "on purpose") ...

@kiorky

Collaborator

commented Mar 27, 2019

You can find fixed artefacts for both versions:

@kiorky

Collaborator

commented Mar 27, 2019

@gerardo-orozco 0.3.21 never existed.

@surbas


commented Mar 27, 2019

Sorry, having trouble finding the "security pb". What was the security issue? Also, amazing library!

@kiorky

Collaborator

commented Mar 27, 2019

information leak; no problem in the library itself.

@kiorky

Collaborator

commented Mar 27, 2019

Repost of my previous comment to be very clear:

  • 0.3.29 has only a rewritten README, no code change in the library from what was in 0.3.27.
  • I thought that was clear from the changelog entry.
  • PyPI lets you delete artefacts, but the problem is that there was a time you could reupload artefacts, and it's impossible for now. What's funny is that I was trapped because the delete was already done. I don't understand their reasoning: releases must not be touched at any cost, at 99%, but there are still legit use cases to do it. For further details, you can search for issue 74 in "github/pypa/packaging-problems" (not putting a direct link on purpose).

You can find fixed artefacts for both versions:

@DiggidyDave


commented Mar 27, 2019

Thanks for the info!
