ypcrts / fqdn

RFC-compliant FQDN validation and manipulation for Python.
http://fqdn.readthedocs.io/
Mozilla Public License 2.0

different code is called the same version 1.5.1? #41

Open paulwouters opened 3 years ago

paulwouters commented 3 years ago

Hi,

I ended up via https://pypi.org/project/fqdn/ to download https://files.pythonhosted.org/packages/30/3e/a80a8c077fd798951169626cde3e239adeba7dab75deb3555716415bd9b0/fqdn-1.5.1.tar.gz

The same pypi page points to this github project as the "home page"

When compared to this git repository at tag v1.5.1, the "fqdn" subdir is identical but the rest is very different. Like, one has a LICENSE file and the other does not, one contains a tests/ dir, the other does not. This is kind of a nightmare for packagers, as I now don't know which is the real version, and I have to diff everything to check for malicious stuff.

Perhaps you can do a 1.5.2 release that brings these two sources back into sync?

ypcrts commented 3 years ago

Hi! Thanks for raising this concern!

As you mentioned, the v1.5.1 tag ( 5ab747e14a04b461a3836583405a95762a420594 refs/tags/v1.5.1 ) and the v1.5.1 tarball are exactly the same runtime code:

$ sha256sum fqdn/*
b627858d2b709b4b68a031fd8219dd01df838324a22b87f58a6e1ca6f31c71d8  fqdn/_compat.py
79a4dd669a9a77c3f62fa28e33bd20dce86d03fc5afa44f43e612fd445cc7240  fqdn/__init__.py

The distributed tarball is generated by python3 setup.py sdist bdist_wheel then uploaded with twine upload dist/*. Is this setuptools packaging process not okay for you? Are the build artifacts causing a problem for you?

├── fqdn
│   ├── _compat.py
│   └── __init__.py
├── fqdn.egg-info
│   ├── dependency_links.txt
│   ├── PKG-INFO
│   ├── requires.txt
│   ├── SOURCES.txt
│   ├── top_level.txt
│   └── zip-safe
├── PKG-INFO
├── README.rst
├── setup.cfg
└── setup.py

The tarball omits the directories below, which are not used at runtime.

Is there something missing from the tarball that you feel should be there? Can you help me understand what your use case for it would be?
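The comparison above (hashing the runtime files of the tag and of the tarball) is what a packager has to repeat for every release. The following script is an added example, not code from the fqdn project or from anyone in this thread: it extracts an sdist, hashes every regular file on both sides with SHA-256, and reports which paths are identical, which differ, and which exist only in the git checkout or only in the tarball. It goes a little beyond the thread by also refusing tarball members with paths that escape the extraction directory or that are links, since a malicious sdist is exactly the case the packager is worried about. The package name `pkg`, the file contents, and the directory layout in `build_demo` are constructed fixtures so the script runs offline.

```python
"""Compare a git checkout against an sdist tarball, file by file.

Added example (not part of the fqdn project). The fixtures built by
build_demo() are constructed so the script runs offline.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large files never load fully into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path, subdir: str = "") -> dict:
    """Map relative POSIX paths under root/subdir to SHA-256 digests.

    Symlinks are skipped rather than followed; a link pointing outside the
    tree is something to flag, not to hash.
    """
    base = root / subdir if subdir else root
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(base):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink():
                continue
            digests[full.relative_to(base).as_posix()] = sha256_file(full)
    return digests


def compare_trees(tag_dir: Path, sdist_dir: Path, subdir: str = "") -> dict:
    """Return sorted lists: same, differ, only_tag, only_sdist."""
    a = hash_tree(tag_dir, subdir)
    b = hash_tree(sdist_dir, subdir)
    shared = a.keys() & b.keys()
    return {
        "same": sorted(p for p in shared if a[p] == b[p]),
        "differ": sorted(p for p in shared if a[p] != b[p]),
        "only_tag": sorted(a.keys() - b.keys()),
        "only_sdist": sorted(b.keys() - a.keys()),
    }


def extract_sdist(tarball: Path, dest: Path) -> Path:
    """Extract an sdist, refusing members that escape dest or that are links."""
    dest = dest.resolve()
    with tarfile.open(tarball, "r:gz") as tf:
        for member in tf.getmembers():
            target = (dest / member.name).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"unsafe path in tarball: {member.name}")
            if member.issym() or member.islnk():
                raise ValueError(f"link in tarball: {member.name}")
        tf.extractall(dest)
    # An sdist unpacks into one top-level directory such as fqdn-1.5.1/.
    top = [p for p in dest.iterdir() if p.is_dir()]
    if len(top) != 1:
        raise ValueError("expected exactly one top-level directory in sdist")
    return top[0]


def build_demo(tmp: Path) -> tuple:
    """Constructed fixture: a fake tag checkout and a fake sdist tarball.

    The tarball carries the same pkg/ files as the checkout but adds PKG-INFO
    and drops LICENSE and tests/, mirroring the situation in the issue.
    """
    tag = tmp / "checkout"
    (tag / "pkg").mkdir(parents=True)
    (tag / "pkg" / "__init__.py").write_text("VERSION = '1.5.1'\n")
    (tag / "pkg" / "_compat.py").write_text("import sys\n")
    (tag / "LICENSE").write_text("MPL-2.0\n")
    (tag / "tests").mkdir()
    (tag / "tests" / "test_basic.py").write_text("def test(): pass\n")

    staged = tmp / "staging" / "pkg-1.5.1"
    (staged / "pkg").mkdir(parents=True)
    (staged / "pkg" / "__init__.py").write_text("VERSION = '1.5.1'\n")
    (staged / "pkg" / "_compat.py").write_text("import sys\n")
    (staged / "PKG-INFO").write_text("Name: pkg\nVersion: 1.5.1\n")
    tarball = tmp / "pkg-1.5.1.tar.gz"
    with tarfile.open(tarball, "w:gz") as tf:
        tf.add(staged, arcname="pkg-1.5.1")
    return tag, tarball


def demo() -> dict:
    """Run the comparison on the constructed fixture, for the runtime subdir and the whole tree."""
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        tag, tarball = build_demo(tmp)
        sdist_root = extract_sdist(tarball, tmp / "extracted")
        return {
            "runtime": compare_trees(tag, sdist_root, "pkg"),
            "whole": compare_trees(tag, sdist_root),
        }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Run against a real release, `compare_trees(checkout, extract_sdist(tarball, workdir), "fqdn")` answers the question the maintainer answered by hand above: an empty `differ` list means the runtime code is byte-identical, and `only_tag` / `only_sdist` enumerate exactly the build artifacts and repository files that set the two apart.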

letoams commented 3 years ago

I would just like to see that there is one thing that is called a specific version, not two different things.