Open ghost opened 7 years ago
Hi, I'm actually the one who maintains the PyPI package (at least, I'm the one who uploaded 0.2, see #4). I don't currently use pydeep anymore, so I'm happy to transfer to someone else. Or, I can just take the current master, tag it and put it up, if @kbandla is okay with that.
Here in the repo there is only a 0.2 tag too, it does not only affect the pypi package.
The readme refers a 0.4 release which does not exist :/
Ah, so there's the py25 branch, with the commit ca337fc1fb2693fac3063b97252e5028e55ebc48, that is the "0.4" release. There should also likely be a "0.5" or "1.0" release (possibly based on the current master), so that the "latest version" on PyPI is compatible with Python 3. I'll wait for @kbandla to weigh in. At a minimum, ca337fc1fb2693fac3063b97252e5028e55ebc48 should be tagged as 0.4.
@kbandla : ping! Let me know if you'd like me to do anything to help
Any updates on a new release that supports Python 3?
a little late to the discussion, but some updates:
We can go ahead and do an update to pypi. @gtback could you add me as a pydeep maintainer in pypi?
@kbandla I tried to add you on PyPI but got this message: User 'kbandla' does not have a verified primary email address and cannot be added as a Owner for project.
. Let me know when you've verified your email address and I'll try again.
Just verified it @gtback 😁 Also, if you can, could you please go ahead with this release on pypi? Thanks!
Just added you! @kbandla . I haven't used pydeep in probably 3+ years. I'm happy to make a release, but would want to at least test it a bit first (just to make sure I'm not publishing a broken version). I might not get to that for a few days, so if you have a chance, go ahead. If not, I'll get to it by this weekend.
Looking forward to this!!
@kbandla I just published v0.4 to PyPI. I just did a "source distribution", meaning that people will still need the libfuzzy headers to compile the package, as before. There are ways to "pre-compile" for different OS's and publish "binary distributions", but I don't have easy access to any environments to do that.
Sorry this took longer than I'd hoped.
I think this can be closed.
@gtback Almost. It doesn't look like the release is here: https://github.com/kbandla/pydeep/releases
BTW: all this can be automated with a release here on Github triggering the pypi release or both happening in sequence, whatever works for you.
Also, just a side note: I like many people keep tabs on releases via this RSS/Atom feed: https://github.com/kbandla/pydeep/releases.atom
All you need to do is add .atom
to many Github URLs and you get a feed of that page. This is an excellent way to get alerted when releases happen.
I'm not an admin on this repo, so that would be up to @kbandla to do.
@gtback Some observations:
I recommend the following options (all dependent on @kbandla being onboard):
If @kbandla trusts you, you should be given collaborator access to the repo. This will let you perform releases using best practices here and at PyPI. If you're not going to be a collaborator on the project here on Github, you should surrender the PyPI credentials and account to one of the collaborators or owners. No matter which one happens, the PyPi credentials should be shared with the repo owner.
When that's done, there are a range of improvements to PyPi like providing wheels, making sure the README is displayed properly, and making sure the classifiers are there in the setup.py file and they match the versions that are setup in CI for testing.
Thanks, @utkonos. I agree with everything you said regarding GitHub and PyPI best practices.
@kbandla has been added to PyPI, but asked me to do this release. I'm not a maintainer of this GitHub repo, and am not interested in being added (no offense intended!) because I haven't used pydeep
since shortly after I published version 0.2 to PyPI in 2013, which I did only because I to be able to install it more easily myself. That initial release is the only reason I'm an owner on PyPI. (see the rest of this thread)
If you're interested (and it sounds like you might be) in maintaining the PyPI package, and if @kbandla is OK with it, I'd be happy to add you. Let me know your username and one of us can do it. I can't remove myself (a deliberate decision by the PyPI maintainers because of a series of "publish a sketchy package, then add a prominent Python developer and remove themselves" incidents), but would appreciate being removed once there is a plan for maintaining the PyPI package going forward.
The PyPi download appears to be incorrect or incomplete.
What do you mean? Yes, there is only a source distribution on PyPI, because the only platform I had easy access to was macOS, where I tested the following and verified it works: brew install ssdeep; pip install pydeep
. In an ideal world, there would be binary distributions for all OS's that ssdeep
supports, but I don't have the time or resources to do that right now.
Thanks @gtback for making this last release!
@utkonos i am the maintainer in both places. Do let us know if you want to help with the process. Also I noticed that ssdeep itself has moved to github recently, so we can probably make it a submodule and have it build in one step. I will explore and see what I can do. Meanwhile, I will cleanup and update pypi related recommendations that you made. Thanks!
I'm up for helping however I can.
@utkonos I added you to the PyPI repo. Feel free to remove me. Thanks for agreeing to help!
And pydeep does not have a stable release, not a release and not on pypi. The latest release 0.2 is from 2013, 4 years ago.
Current master supports Python3, the pypi release does not.
We want to use this library in other software and requiring a software without current releases and no support for python 3 is a show stopper.