neuro-inc / neuro-cli

Platform-specific API and CLI python client
https://neu-ro.gitbook.io/neu-ro-cli-reference/

Show certifi package error not earlier than two weeks after the latest version release #944

Closed mariyadavydova closed 5 years ago

mariyadavydova commented 5 years ago

A two-week gap is the approximate time for this package to reach conda and other package managers after a pip release. This gap will decrease the time when a user sees this error message but can't get rid of it, as certifi is installed by the package manager, not pip.

atemate commented 5 years ago

Is this a common practice, to mute errors with an empirically defined delay?

@asvetlov, @serhiy-storchaka please share your thoughts

asvetlov commented 5 years ago

Sorry for the delay. I have never seen such logic before, but the suggestion from @mariyadavydova makes sense. There is a gap between publishing a new version on PyPI and mirroring it by conda. Just after a PyPI release there is no update on conda; it appears sometime a week later.

https://pypi.org/pypi/certifi/json provides "upload_time": "2016-02-28T14:32:48" for every release. A 6-month-old certifi is a security hole. 2 weeks old is not a problem. We can just relax the warning a little.

atemate commented 5 years ago

Perfect. My implementation also depends on "upload_time"; the PR will be up soon.

My concern is that this value almost literally repeats certifi_pypi_version, since certifi uses calver; thus we could simplify the logic significantly and avoid reading and storing in .nmrc an additional parameter, certifi_pypi_upload_time.

asvetlov commented 5 years ago

I feel that upload_time is better from a code reading perspective, but I don't care too much.
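The check discussed in this thread, as an added example that is not part of the issue or of the neuro-cli code base: warn about an outdated certifi only once the newest PyPI release has been out for two weeks. The function names, the `GRACE` constant and the sample payload (constructed, shaped like the `https://pypi.org/pypi/certifi/json` response) are assumptions of this example.

```python
from datetime import datetime, timedelta

GRACE = timedelta(days=14)  # the two-week gap proposed in the issue

# Constructed sample, trimmed to the fields used below. Upload times are made up.
SAMPLE = {
    "info": {"version": "2019.6.16"},
    "releases": {
        "2019.3.9": [{"upload_time": "2019-03-09T18:51:24"}],
        "2019.6.16": [
            {"upload_time": "2019-06-16T11:03:32"},
            {"upload_time": "2019-06-16T11:03:40"},
        ],
    },
}


def parse_calver(version):
    """Turn a calver string such as '2019.06.16' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def latest_upload_time(payload):
    """Return (latest version, earliest upload time of its files or None)."""
    version = payload["info"]["version"]
    files = payload["releases"].get(version, [])
    if not files:
        return version, None
    times = [datetime.fromisoformat(f["upload_time"]) for f in files]
    return version, min(times)


def should_warn(installed, payload, now):
    """True only if certifi is outdated AND the newer release is past GRACE."""
    latest, uploaded = latest_upload_time(payload)
    if parse_calver(installed) >= parse_calver(latest):
        return False  # already up to date
    if uploaded is None:
        # Assumption of this example: with no upload time, stay quiet
        # rather than show a warning the user may be unable to act on.
        return False
    return now - uploaded >= GRACE


if __name__ == "__main__":
    print(should_warn("2019.3.9", SAMPLE, datetime(2019, 6, 20)))  # inside the gap
    print(should_warn("2019.3.9", SAMPLE, datetime(2019, 7, 1)))   # past the gap
```

Comparing on `upload_time` rather than on the calver string keeps the grace period tied to when the release actually became available, which is the point raised in the last comment.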