Recover "python-libtorrent" package on pypi.org #5333
Comments
|
In which cases is Also, it seems that Ubuntu, Debian and Alpine are currently still using 1.x version of libtorrent, so this change might fall into "big 2.0 update" (although it is few months late). I personally think just |
I don't have evidence anything depends on In any case, hopefully it's a small clerical task to recover ownership of the pypi project. If it's easy, we can just use it; if it's too difficult, we'll know we have to switch project names. |
|
@arvidn any update on this? I was hoping it's not too much work on your end. We've made a lot of progress on the python build system. We could consider manually building and uploading some wheels now, ahead of having them auto-built in CI. |
|
wouldn't it be easier to pick a new name? like "libtorrent"? I can add a pypi API token to github, to make it available to actions |
|
You should probably register "libtorrent" right now anyway, since it's available. Even if we want to switch to "libtorrent", I think it's wise to try to recover "python-libtorrent", to prevent confusion and/or malicious dependency attacks. (Similarly if we recover "python-libtorrent" and want to stick with that, it's good to also own "libtorrent") |
|
as far as I can tell, the only way to claim a name is to upload a package.. is there an easier way? |
|
Interesting, I can't see a way either. I guess they've "streamlined" the process You could just change the name to "libtorrent" in $ python setup.py bdist_wheel
$ twine upload dist/* |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
unstale Any word on this? Per the PEP link, it should just be creating a new github issue. If there are blockers or you just don't want to do it, we should probably just close this issue and say we're going to change the name to just "libtorrent". |
|
sorry, I spent a little bit of time looking into this, but. Is I'm also quite unfamiliar with how to make CI actually upload builds, and how to make some builds be considered stable releases. |
It's most common for the distribution name (the pypi name) to match the module name, hence This isn't a strict rule, it could be
I'll put some thoughts in #6188 |
It would consider any tagged releases as stable? I would pick Always seems redundant to me to have It would be very helpful for all if we can get |
|
Just to note here that after testing the new wheels built by @AllSeeingEyeTolledEweSew in #6188 I have changed my mind about using the To prevent problems with a |
I thought about this too, but I can't think of any existing scenarios that will break if we change. Any downstream package with a dependency on python-libtorrent is definitely broken today, since https://pypi.org/project/python-libtorrent/ actually contains no files right now. As far as I know, pip/pypi is the only package system that respects the name in There are existing packages for libtorrent's python bindings in distro package managers like debian and alpine, but they aren't affected by the
We can put a All that said, the only upside to changing the name to "libtorrent" is aesthetics, assuming we're able to recover https://pypi.org/project/python-libtorrent/. But I actually think this is a perfectly good reason to change. I expect it'll lead to more users due to better clarity, and more users is better. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
@AllSeeingEyeTolledEweSew what's left now to make a pypi package? |
|
Should be:
|
|
I have ownership over the |
|
My understanding is that python-libtorrent is to be used to retain continuity, did the PR rename the package in setup.py? |
|
I would have expected to find the pypi project name that the build will be uploaded to could be found in either |
|
The metadata in setup.py sets the package name and the pypi project libtorrent/bindings/python/setup.py Line 450 in 53f90cf I honestly don't think changing the package name to just libtorrent is a good idea and this should be reverted I know I previously argued about changing to just libtorrent but that was before I realised how the package name is used in linux distros thus could have a packaging problem since renaming would make a separate package unaware of the original |
|
I see. I also don't see the |
|
Ah will need to create a separate testpypi account and push the package to take ownership |
|
oh, you push the package first and then claim ownership? |
|
I start the |
|
Did you change the package name in setup.py from libtorrent back to python-libtorrent? |
publishing happens at the end, once all builds are done. My reasoning was that if one build fails, maybe we want to fix it before publishing anything. The emulated architectures ( |
|
@arvidn I had previously uploaded artifacts to https://test.pypi.org/project/libtorrent/ for testing, so I'm the owner of the project. I had invited you as owner (presumably it sent you an email, the invites are per-username) but it looks like the invitation expired. I re-sent it. If you create an updated API token and update the github secret and re-run the workflow, it should pick up the cached builds and hopefully work |
I racked my brain but couldn't come up with a scenario where this was necessarily the case. Presumably e.g. the alpine package The good news is that if I'm wrong, the workflow makes it pretty easy to rewrite history and fudge releases of |
|
@AllSeeingEyeTolledEweSew could invite me to the |
|
done |
|
It is important because once the package is installed in the system it is named python-libtorrent but now there is a potential conflicting package called libtorrent and Python will find both when trying import. Instead of different versions of the python-libtorrent package. |
|
Can you elaborate? The extension is/always was named |
|
The other problem is that source code package name has just changed under linux packaging from python-libtorrent to libtorrent and may break automated scripts |
No it was named python-libtorrent until you changed in a few months ago: 8ea0e60 |
|
I feel that there are too many unintended consequences that we may or may not have considered to change the name of the bindings package for aesthetic reasons Remember this is not just about PyPi this is about the python binding package name that is defined in the source code and how that is installed into the system and how the Python package manager handles it. Having two different package names for this library is not a good idea... An example scenario is that once python-libtorrent is installed pip can remove or warn that an existing package is installed if you install python-libtorrent from pypi. With pip installing pypi libtorrent package that is it not possible to detect so now there are multiple packages installed providing the same library |
|
I have counterarguments, but I can't think of a way to prove either of us right, and I'm much more interested in closing this ticket than debating. @arvidn would it be very annoying to change the name in One caveat is we never recovered https://test.pypi.org/project/python-libtorrent/ . I opened pypi/support#1513 for that just now. Arvid won't be able to upload to test-pypi until that's resolved. I don't think that's a reason to delay uploading to production pypi though. |
|
is there no way to make Does this name also affect what you say after |
There is, but support is poor, and I think @cas-- 's concerns are about distro packagers and other non-pypi environments.
No. 8ea0e60 changed the distribution name (the The biggest advantage of |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
It would be nice to write python projects that depend on libtorrent. Today that's difficult, partly because libtorrent doesn't exist on pypi.org in any meaningful form. #5325 and #4218 are moving to help with this.
Historically, libtorrent's
setup.pyhas historically used the namepython-libtorrent. This name (notlibtorrent) would be used to declare a dependency on libtorrent; and python tools (pip, etc) would search pypi for this name.Someone published unofficial builds of libtorrent on pypi under this name, at https://pypi.org/project/python-libtorrent .
Also, linux distros have packaged libtorrent with python packaging metadata that declares the
python-libtorrentname. See alpine and ubuntu.This means that there may be python projects that depend on
python-libtorrentand do work in some environments. So changing this name is not ideal.(for what it's worth, I don't believe deluge has ever depended on
python-libtorrent. It just includes a vendored copy of libtorrent and a custom build system)It would be nice if arvid could take over the project from pypi, so we can publish wheels there. There's a process for doing this: https://www.python.org/dev/peps/pep-0541/#how-to-request-a-name-transfer
The text was updated successfully, but these errors were encountered: