investigate newer setuptools #2044
Labels
No Label
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.10.0
1.10.1
1.10.2
1.10a2
1.11.0
1.12.0
1.12.1
1.13.0
1.14.0
1.15.0
1.15.1
1.2.0
1.3.0
1.4.1
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.7β
1.8.0
1.8.1
1.8.2
1.8.3
1.8β
1.9.0
1.9.0-s3branch
1.9.0a1
1.9.0a2
1.9.0b1
1.9.1
1.9.2
1.9.2a1
LeastAuthority.com automation
blocker
cannot reproduce
cloud-branch
code
code-dirnodes
code-encoding
code-frontend
code-frontend-cli
code-frontend-ftp-sftp
code-frontend-magic-folder
code-frontend-web
code-mutable
code-network
code-nodeadmin
code-peerselection
code-storage
contrib
critical
defect
dev-infrastructure
documentation
duplicate
enhancement
fixed
invalid
major
minor
n/a
normal
operational
packaging
somebody else's problem
supercritical
task
trivial
unknown
was already fixed
website
wontfix
worksforme
No Milestone
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Reference: tahoe-lafs/trac-2024-07-25#2044
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What is setuptools 0.7+ ?
Does setuptools 0.9.* fix any of the bugs we care about?
What happens when you try to use zetuptoolz on a system with setuptools 0.7+ installed?
These questions --and many others-- will be answered in the next episode of the ongoing saga that is Tahoe-LAFS packaging.
Apparently setuptools 0.6 (which zetuptoolz is forked from) does not verify SSL :-(, and setuptools 0.7+ does.
I just read through our revision control history of the bundled copy of setuptools, and here are all the patches that I saw that we applied that aren't (or weren't) in upstream setuptools:
That's all! There are only seven patches that we need to confirm whether they are fixed upstream, or port our patches to the new setuptools, or decide that we don't mind a regression by losing this patch.
Also dstufft mentioned that he would be willing to consider accepting these patches upstream if they aren't already there.
Dear geal:
Thank you for working on this! Please add the "review-needed" tag to this ticket once this ticket has a link to a github pull request or a patch that fixes it.
This might help with #2217.
dstufft pointed out on IRC that the latest setuptools refuses to download dependencies from PyPI over insecure HTTP. This is an important feature.
investigate setuptools 0.7+to investigate newer setuptoolsMilestone renamed
We've removed zetuptoolz, and we now require a non-ancient version of setuptools. Also, our new virtualenv-based install instructions will generally give users a very modern setuptools, and current pip does the right thing with TLS. Time to close this one.