"py3" version of backported futures 3.1.1 in Pypi

[jcmackie]

Hello!

Recently one of our builds broke due to a mismatch hash of 'futures' 3.1.1.

When I investigated I found that just in this particular version, a py3 version of the same package was built and published to Pypi.org on the 15th of September 2019: https://pypi.org/project/futures/3.1.1/#files

Because we install this library, for backwards compatibility, in a Python 3 virtual environment, the py3 package was preferred, however the hash did not match what we have in our Pipfile.lock obviously.

If this was a mistake can you please un-publish this py3 package of Futures 3.1.1.

Regards, James

[agronholm]

This was not a mistake. The dummy wheel was published as a workaround to prevent the library from causing harm when a third party library has an unconditional dependency on it: https://github.com/agronholm/pythonfutures/issues/90 Why are you installing it unconditionally?

[jcmackie]

We don't install it unconditionally.

Because we install this library, for backwards compatibility, in a Python 3 virtual environment...

This version, in this manner specifically. Anyway, I've since updated our lock file to specify the Python 2 version "markers": "python_version == '2.7'", for anyone else who runs into the same problem.

I'm going to close this because we have a work around.

[agronholm]

If your project is not using it as a direct dependency, can you point out which one of your dependencies causes it to be installed? I'd like to hunt down any library that does so and get them fixed.

[jcmackie]

We are using it as a direct dependency.

But because it's in prod, and we don't have time refactor the admittedly bad/incorrect state of our Python venv, I'm just going to employ a work around for now.

Thanks for your help.