-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
trollius
has been removed from PyPI; ZEO cannot be installed on 2.7
#146
Comments
I suggest you to vendor a copy of trollius and maintain it ;-) Or take the ownership of the project. I don't want to maintain it anymore: it's deprecated since 2016. |
Removing packages from PyPI is IMO one of the very evil things one can do (coders POV). Like to poke the anthill. Thanks @jamadden ❤️ for taking over the work to restore it for all us poor folks with installations using it. Transition to Zope 4 takes a while with large projects. |
Release
Released is released. |
I think removing a package from PyPI is fine under some circumstances: if the package is unsafe (e.g. contains a security vulnerability, or wipes your hard drive due to a bug in the install script, etc.) @jamadden: I think you'll have to upload a trollius-2.2.post1.tar.gz. I've never done so before, so I don't know if it's sufficient to rename the filename (probably not), or if you have to do a whole new release. Might be a good idea to do a release anyway, to change the maintainer metadata in setup.py. Also, I have an open PR against trollius that adds a working Appveyor config for building |
BTW I have Trollius 2.2 binary Windows wheels available at https://debesis.gedmin.as/wheels/, if you want to upload those in the meantime. |
FTR you should probably use |
I've updated metadata (to further emphasize the lack of support) and included the PR to build Windows wheels (partly; the test dependencies are no longer available either, so we cannot actually test it anymore) and published 2.2.post1 as sdist and Windows wheels. RelStorage, at least, picked it up seamlessly and is building fine. I'd like to offer a huge thank-you to @vstinner for maintaining trollius this far, and for being so gracious in letting us republish it for the sake of our existing dependents. Please let me know if there's anything more that should be changed. I do not plan to do any sort of maintenance on this. (I already maintain one async library; that's more than enough 😄 ) If someone else is motivated to make improvements, or if we think the repo should be somewhere else (zopefoundation?) I'm happy to turn over the keys (I've already invited a few people to be collaborators on both the project and the repo, just to improve the bus factor). |
Removing a deprecated project because you don't want to maintain it is definitely an unfriendly act to the community (as opposed to force majeur). There is a Trove classifier for such projects ( |
Trollius is deprecated since its version 2.1 released in 2016. It's well documented in its documentation:
and in the README file: https://github.com/vstinner/trollius/blob/trollius/README.rst I even modified "python2 setup.py" to emit a big warning: https://github.com/vstinner/trollius/blob/trollius/setup.py#L86 You had 3 years to prepare your project: take over the maintenance of Trollius or switch to a different solution. Remember that it's an open source software distributed under the Apache license which says "... WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND". By the way, the README file also says "No Maintenance Intended": http://unmaintained.tech/ I made this Trollius project for fun, it's not my job, so I don't see why I would owe anything to the community. So I just ignore people telling me how I should have handle the end of life of this project. Please go ahead and maintain the project if you know how to handle it :-) |
I'm still open to transfer the ownership to whoever wants to maintain Trollius. But I don't want to maintain it anymore, as explained previously :-) |
Rele
Released is released. Do you (at Redhat) remove unmaintained packages from old distributions? What an absurd and arrogant and ignorant argumentation chain. |
@vstinner It is definitely your right to stop maintaining a package. More importantly, the thanks from @jamadden for your previous work are definitely deserved (I am adding my thanks) ! However, removing packages from PyPI should be a no go except for the reasons pointed by @mgedmin . |
Different people asked me why I decided to remove the project from PyPI rather than doing nothing. Maintaining a project is a non-zero cost. Different people disagree with me on this point, but I don't want to elaborate (they are enough articles on this topic on the Internet). I removed Trollius from PyPI to send a strong signal: I don't want to maintain this project anymore, the project is looking for a new maintainer. I don't want to be responsible of a project with open issues and open pull requests. As I explained previously, I already tried soft approaches (deprecation, "no maintenance intended", etc.) previously to find a new maintainer, but they didn't work. Republishing Trollius on PyPI is trivial: @jamadden already did it. But it doesn't solve the maintenance problem. My long term plan is to remove https://github.com/vstinner/trollius. But I don't plan to do it soon, since I know that it would cause even more trouble. I would prefer to transfer the project to ensure that the project remains available somehow. If your business rely on Trollius, well, simply take the maintenance of Trollius. So you will be able to estimate the maintenance cost. Good for you if it's a zero cost ;-) The project has 7 open issues and 2 open pull requests. So far, nobody offered me to take the maintenance of the project. @jamadden wrote: "I do not plan to do any sort of maintenance on this". Note: I am not paid by Red Hat to maintain Trollius, it was a side-project that I was maintaining in my free time. Professional support is not free. You cannot expect the same service level from a free project. |
@vstinner If I understand well what you explain hereabove, removing the project from PyPI is a stronger way of stating that you do not plan to maintain that code anymore. Are you getting hassled to fix the open issues ? Or feeling too responsible to ignore them ? Maintenance (or no maintenance) as well as the process around zombie projects is an important question for the OS community. I hope this does not sound unfriendly. |
FYI the dists are still somewhere on the CDN: pypi/warehouse#6319 (comment) Here's a few pointers for whom it may concern. You might be able to recover all original dists from there. Here's the explanation. Example: |
Apparently, in the future it should be possible to 'yank' a file or a project from PyPI, so the version will not be installed by default, but is available if you explicitly want it. See the recently accepted PEP 592. If I understand correctly, nothing has been done on PYPI yet, but it should be possible at some point. Latest pip supports it: yanked releases will have an html class and they will be ignored by pip, unless explicitly allowed with an extra option. Buildout (which most ZEO users will be using I think) and other tools can still find the yanked releases if they explicitly ask for such a version. So it should be better for everyone in a while. |
"I didn't want to maintain it any more" is different than, "I am going to delete all the existing releases." This was uncalled for. |
Looks like the situation is fixed by applying workarounds, so I'll be closing this issue. |
That means ZEO can no longer be installed on Python 2.7:
It should be noted that Plone 5.2 depends on trollius 2.2, and Plone 5.1 depends on 2.1.
Luckily I had some pre-built wheels of 2.2 that I re-uploaded which might solve the problem in some cases (it seemed to fix my CI), but I cannot upload the trollius-2.2.tar.gz file (because that name had already been used).
Perhaps we can coordinate with @vstinner to find a happy resolution.
The text was updated successfully, but these errors were encountered: