On Sat, Oct 30, 2021 at 8:42 PM Gordon Messmer <gordon.messmer@gmail.com> wrote:

On 10/29/21 05:49, Miro Hrončok wrote:
> For some of them (e.g. mako), this seems to be a mistake even.

There are a lot of "dev0" versions in that set, so I took a look for the
cause. It looks like all of the "dev0" packages use github source
rather than PyPI sources, which means that none of the release process
defined in setup.py/cfg is being used for those packages; they're just
tarballs of the git repo.

https://src.fedoraproject.org/rpms/python-mako/blob/rawhide/f/python-mako.spec#_11

"dev0" doesn't appear to be a bug in the scripts. Builds from github
are intentionally marked dev releases:

https://github.com/sqlalchemy/mako/blob/main/setup.cfg#L72

That pattern also appears in the updated policy document:

https://fedoraproject.org/wiki/Changes/PythonPackagingGuidelines202x

I'd suggest that we should instead strongly encourage the use of PyPI URLs.

I disagree. PyPI is basically a packaging environment, so using the tarballs from there would mean we are then subject to the curation decisions by the people who package the PyPI releases before we even get the sources for the package (which may or may not be the upstream developers). Additionally, using the GitHub repo as the source of the package would seem to fit the spirit behind the packaging guidelines more (https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/) - where it says "For the Fedora packager, this means that sources used to build a package should be the vanilla sources available from upstream."

-Ian