Closed mariyadavydova closed 5 years ago
Is this a common practice, to mute errors with an empirically defined delay?
@asvetlov, @serhiy-storchaka please share your thoughts
Sorry for the delay. I have never seen such logic before, but the suggestion from @mariyadavydova makes sense. There is a gap between publishing a new version on PyPI and mirroring it by conda. Just after a PyPI release there is no update on conda; it appears sometime a week later.
https://pypi.org/pypi/certifi/json provides `"upload_time": "2016-02-28T14:32:48"` for every release.
A 6-month-old certifi is a security hole. 2 weeks old is not a problem. We can just relax the warning a little.
Perfect. My implementation also depends on `"upload_time"`, the PR will be soon.
My concern is that this value almost literally repeats `certifi_pypi_version` since certifi uses calver, thus we could simplify logic significantly and avoid reading and storing in `.nmrc` an additional parameter `certifi_pypi_upload_time`.
I feel that `upload_time` is better from a code reading perspective, but I don't care too much
A two-week gap is the approximate time for this package to reach conda and other package managers after a pip release. This gap will decrease the time when a user sees this error message but can't get rid of it as certifi is installed by the package manager, not pip.
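The check discussed in this thread, as an added example (not the project's own code): warn about an outdated certifi only when the newer PyPI release was uploaded more than two weeks ago. The function names, the `GRACE` constant and the sample metadata are assumptions constructed for illustration; only the `releases` / `upload_time` layout comes from the PyPI JSON endpoint mentioned above.

```python
import json
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=14)  # assumed name; the two-week gap from the thread

# Constructed sample, trimmed to the fields used here.
SAMPLE = json.loads("""
{"releases": {
  "2015.11.20": [{"upload_time": "2015-11-20T17:05:11"}],
  "2016.2.28":  [{"upload_time": "2016-02-28T14:32:48"}],
  "2016.8.8":   []
}}
""")

def parse_calver(version):
    """'2016.02.28' -> (2016, 2, 28); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.split("."))

def latest_release(meta):
    """Return (version, upload datetime) of the newest release that has files."""
    best = None
    for version, files in meta["releases"].items():
        times = [f["upload_time"] for f in files if f.get("upload_time")]
        if not times:
            continue  # release entry without files: nothing a user could install
        try:
            key = parse_calver(version)
        except ValueError:
            continue  # ignore versions that are not plain calver
        # Assumption: upload_time has no offset and is interpreted as UTC.
        uploaded = datetime.fromisoformat(min(times)).replace(tzinfo=timezone.utc)
        if best is None or key > best[0]:
            best = (key, version, uploaded)
    return None if best is None else (best[1], best[2])

def should_warn(installed, meta, now):
    """True only if a newer release exists and is past the grace period."""
    latest = latest_release(meta)
    if latest is None:
        return False
    version, uploaded = latest
    if parse_calver(installed) >= parse_calver(version):
        return False  # already up to date
    return now - uploaded > GRACE
```
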