On Tue, Nov 22, 2022 at 12:10:39PM +0100, Karolina Surma wrote:
On 11/15/22 12:42, Ewoud Kohl van Wijngaarden wrote:
>On Tue, Nov 15, 2022 at 12:35:32PM +0100, Karolina Surma wrote:
>>On 11/15/22 08:37, Mattia Verga via devel wrote:
>>>Il 15/11/22 00:23, Neal Gompa ha scritto:
>>>>On Mon, Nov 14, 2022 at 6:03 PM Kevin Kofler via devel
>>>><devel(a)lists.fedoraproject.org> wrote:
>>>>>So let me sum up:
>>>>>
>>>>>>Some Python building backends, eg. setuptools, explicitly allow
>>>>>>creating package with version `0.0.0` when the version used by a
>>>>>>project is not known. This was
>>>>>>[https://github.com/pypa/setuptools/issues/2329 discussed
upstream]
>>>>>>with conclusion that it's an intended behavior.
>>>>>Upstream says that it is intended that packages are able to set their
>>>>>version to 0 or 0.0.0, but…
>>>>>
>>>>>>Based on discussion on python-devel mailing list there will be no
way
>>>>>>to opt out from this change. There will be no possibility
>>>>>>to package a
>>>>>>Python package with version `0`.
>>>>>… your proposed Change will fail those packages' build with
>>>>>no opt-out!? You
>>>>>cannot be serious!
>>>>>
>>>>>(Though actually, would %global __provides_exclude_from …
>>>>>together with a
>>>>>manual Provides: python3dist(…) = 0 not work?)
>>>>>
>>>>>A clear -1 to this Change as proposed.
>>>>>
>>>>>>We've never encountered a situation when packaging the
>>>>>>version `0` was
>>>>>>the package maintainers intention.
>>>>>What if it is the *upstream* maintainer's intention? Are we
>>>>>now dictating
>>>>>versioning schemes on upstream projects, disallowing version
>>>>>numbers that
>>>>>upstream setuptools explicitly considers valid?
>>>>>
>>>>Unfortunately, I have to agree here. Nobody said we should be
>>>>dictating the versions for people. PEP-440 does not even make 0
>>>>version illegal, so this is unnecessarily punishing.
>>>>
>>>IMO, the policy is right, it just have to allow to opt out, so that the
>>>maintainer is informed that **there could be** something wrong with the
>>>package metadata / build process. Maybe an opt-out + file a ticket in BZ
>>>to have track of the opt out, just like the ExcludeArch is the right
>>>approach.
>>>
>>>Mattia
>>>
>>
>>Hello,
>>
>>The standard invocation of the Python dependency generator will be
>>changed to always run with option like `--fail-if-version-zero`. (This
>>is the subject of the current proposal.)
>>
>>Based on your concerns, an opt out mechanism would be added:
>>If you wanted to bypass the option, you could define a macro in the
>>specfile, eg.
>>`%{!?__python_dist_allow_version_zero:--fail-if-version-zero}`
>>
>>This would allow to build RPMs without bothering with versions. Also, if
>>it's upstream's decision to use version 0, that would be the way to go.
>>In Fedora this would give us an insight into how often this is needed.
>>
>>What do you think of enhancing the proposal this way?
>
>I wonder how many Python packages have ever been packaged with
>version 0. Are we trying to solve a problem that doesn't exist?
>Semver recommends[1] starting at 0.1.0 and without proof I think
>today most packages start by following semver. Any old packages that
>predate semver have a version > 0 by now.
>
Hi Ewoud,
Let me answer to two possible interpretations of your question.
The problem that exists is that you can incorrectly package a Python
RPM with Provides = 0 (without even knowing it unless inspecting the
metadata). I feel we could benefit from the proposed Change, if not
for anything else, then by getting rid of unnecessary steps of
discovery that a package is wrong (typically when it prevents other
packages from building/running), opening a Bugzilla and working to fix
it. That's costly and avoidable, so let's avoid it.
I'm 100% on board with that. Software should be hard to misuse and this
looks like a case where it's hardly ever (possibly never) what the
packager intended. That was not what my comment was about.
Does it happen that Python packages have a legitimate version 0 that
should make it to Fedora? We don't believe so, hence the proposed
Change, but as the others mentioned, it's not forbidden by PEP 440.
setuptools and flit will let you create package with 0.0.0. Poetry
automatically starts versioning the projects at 0.1.0.
That was indeed what my question was about. Yes, in theory a version 0
or 0.0.0 is possible but is there any proof that this is something that
has ever been needed?
Providing an opt-out is trivial and if this is what makes the Change
acceptable for the community, let's do it. It's definitely better than
forcing people to opt out from the generators altogether.
I'd argue that any code has a cost, even if it's trivial. Code that's
never executed is likely to be forgotten and/or have bugs.
So in short: this looks like a good proposal to me and I question the
need for an opt-out.
>>[1]:
https://semver.org/#how-should-i-deal-with-revisions-in-the-0yz-initial-d...