buku
buku copied to clipboard
jarun
4.8 release missing from PyPI
I'm updating buku in Homebrew at https://github.com/Homebrew/homebrew-core/pull/129347, and I noticed the release is missing from PyPI. Was this intentional?
@rachmadaniHaryono is out for a while.
I tried to upload the package and seeing this error:
Uploading buku-4.8-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 224.0/224.0 kB • 00:02 • 394.0 kB/s
WARNING Error during upload. Retry with the --verbose option for more details.
ERROR HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/
Invalid value for requires_dist. Error: Can't have direct dependency: "flask-reverse-proxy-fix @
https://github.com/rachmadaniHaryono/flask-reverse-proxy-fix/archive/refs/tags/v0.2.3.zip ; extra ==
'reverse_proxy'"
@LeXofLeviafan any ideas?
He made a fork of the stale flask-reverse-proxy-fix package but never published it to PyPI. The current policy is that if you want a dependency in a PyPI package, it has to be published on PyPI as well. (That's what generally happens to years-old stale packages: someone releases a fork and begins maintaining it, while others gradually migrate to it.)
This topic had been raised a few times before, including here (unfortunately neither of their repos have issues tabs enabled, so this is the most adequate option we've got for such a discussion). There has been no response since February though (and no activity on pull-requests in this repo from him either, incidentally), so there's no telling how long it may take to deal with this issue.
Is there a way to work around the dependency? Otherwise, can we drop the feature that requires it?
The dependency itself appears to be implementing a workaround for a bug(?) in the Flask implementation of reverse-proxy support. AFAIK it's a fork of a (no longer maintained) PyPI package which fixes a bug in it (and I'm guessing this fix is important for bukuserver, and is likely implemented for its sake).
I'm not sure how much importance does the reverse-proxy support hold for most bukuserver users (me, I don't care much since I'm not hosting it on any server), but I'm guessing you could do something like this:
- create a dedicated branch (e.g. named
norevpoxy), based on the v4.8 tag commit -
within this branch, comment out the dependency (along with the
[reverse_proxy]extra which depends on it, insetup.py) - make an "alternative" 4.8 release (e.g.
v4.8-norevproxy) which can be published on PyPI (with a warning in PyPI description about the feature being temporarily disabled in the PyPI release) - for the time being (e.g. until the dependency package is released on PyPI), in case of another release, merge changes from it into this branch, and make an accompanying "alternative" release for PyPI again
- the branch can be "retired" once the PyPI issue is resolved properly
How about the opposite? Remove reverse proxy support from the default branch and have a local branch revproxy?
I mean, that's a temporary workaround – normally you'd want the "full" version to be the go-to option (except for where it's simply not usable). And there's no reason to have such a temporary workaround in the primary commits history.
Doing it the other way around sounds like basically dropping support for what might be a crucial feature for a WebUI… (unless the user knows there had been support for it and takes the effort to find out if there's still an up-to-date version that doesn't discard it somewhere in the repo instead of just thinking it's dropped for good, which sounds like quite a stretch TBH)
Ok, just chiming in with the same request, that I actually made a year ago, and came back here to check in on. Thanks for wrestling with it.
Indeed 4.8 is missing. buku 4.7.1 is the latest release https://pypi.org/project/buku/#history
