Message ID | 86h777wcfg.fsf@polidoro.io |
---|---|
State | Accepted |
Headers | show |
Series | [bug#54737] gnu: python-multipart: Update to 0.2.4. | expand |
> (define-public python-multipart > (package > (name "python-multipart") > - (version "0.0.5") > - (source (origin > - (method url-fetch) > - (uri (pypi-uri "python-multipart" version)) > - (sha256 > - (base32 > - "0hzshd665rl1bkwvaj9va4j3gs8nmb478fbvligx20663xhmzfzp")))) > + (version "0.2.4") > + (source > + (origin > + (method url-fetch) > + (uri (pypi-uri "multipart" version)) > + (sha256 > + (base32 > "1jr24lm931pkh4x0amr19w5qknrckcg4z3k1zvz9cw5wc19j1fh6")))) What's the reason for changing from the python-multipart to multipart? I've looked at the home page and the pypi page, and it doesn't state that the latter is a successor of the former, so these look like unrelated projects or a typosquatting attack. Greetings, Maxime.
Hi. Good catch. I may have made a mistake when choosing between these two unfortunately named pypi packages. I need one of these two as a dependency for another Guix package. I am traveling at the moment, but I will double check this when I return in a few days. If I do need multipart instead of python-multipart, perhaps there is a better way to name the Guix packages to cause less confusion. Thanks! > On Jul 29, 2022, at 3:38 PM, Maxime Devos <maximedevos@telenet.be> wrote: > > >> >> (define-public python-multipart >> (package >> (name "python-multipart") >> - (version "0.0.5") >> - (source (origin >> - (method url-fetch) >> - (uri (pypi-uri "python-multipart" version)) >> - (sha256 >> - (base32 >> - "0hzshd665rl1bkwvaj9va4j3gs8nmb478fbvligx20663xhmzfzp")))) >> + (version "0.2.4") >> + (source >> + (origin >> + (method url-fetch) >> + (uri (pypi-uri "multipart" version)) >> + (sha256 >> + (base32 "1jr24lm931pkh4x0amr19w5qknrckcg4z3k1zvz9cw5wc19j1fh6")))) > > What's the reason for changing from the python-multipart to multipart? I've looked at the home page and the pypi page, and it doesn't state that the latter is a successor of the former, so these look like unrelated projects or a typosquatting attack. > > Greetings, > Maxime.
I looked at my notes and found that this was indeed a mistake. I need the python-multipart pypi package, not the multipart pypi package. You can close this, thank you for catching my error. I apologize for the confusion and for your time. Peter Polidoro <peter@polidoro.io> writes: > [1. text/plain] > Hi. Good catch. I may have made a mistake when choosing between > these two > unfortunately named pypi packages. I need one of these two as a > dependency for > another Guix package. I am traveling at the moment, but I will > double check this > when I return in a few days. If I do need multipart instead of > python-multipart, > perhaps there is a better way to name the Guix packages to cause > less confusion. > Thanks! > >> On Jul 29, 2022, at 3:38 PM, Maxime Devos >> <maximedevos@telenet.be> wrote: >> >> >>> >>> (define-public python-multipart >>> (package >>> (name "python-multipart") >>> - (version "0.0.5") >>> - (source (origin >>> - (method url-fetch) >>> - (uri (pypi-uri "python-multipart" version)) >>> - (sha256 >>> - (base32 >>> - "0hzshd665rl1bkwvaj9va4j3gs8nmb478fbvligx20663xhmzfzp")))) >>> + (version "0.2.4") >>> + (source >>> + (origin >>> + (method url-fetch) >>> + (uri (pypi-uri "multipart" version)) >>> + (sha256 >>> + (base32 >>> "1jr24lm931pkh4x0amr19w5qknrckcg4z3k1zvz9cw5wc19j1fh6")))) >> >> What's the reason for changing from the python-multipart to >> multipart? I've >> looked at the home page and the pypi page, and it doesn't state >> that the >> latter is a successor of the former, so these look like >> unrelated projects or >> a typosquatting attack. >> >> Greetings, >> Maxime. > > [2. application/pgp-keys; OpenPGP_0x49E3EE22191725EE.asc]... > > [3. application/octet-stream; OpenPGP_signature]...
On Mon Aug 1, 2022 at 6:35 PM BST, Peter Polidoro wrote: > You can close this, thank you for catching my error. I apologize > for the confusion and for your time. Anyone can close an issue; you just send an email to control@debbugs.gnu.org with the following contents: ``` close ISSUE_NUMBER ``` -- (
From ac80ae77c153ac8d39fa70ceacb6adf332e6f7bf Mon Sep 17 00:00:00 2001 From: Peter Polidoro <peter@polidoro.io> Date: Tue, 5 Apr 2022 15:33:07 -0400 Subject: [PATCH] gnu: python-multipart: Update to 0.2.4. * gnu/packages/python-xyz.scm (python-multipart): Update to 0.2.4. --- gnu/packages/python-xyz.scm | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm index 30cab6a113..fd25d3b62e 100644 --- a/gnu/packages/python-xyz.scm +++ b/gnu/packages/python-xyz.scm @@ -29320,29 +29320,18 @@ (define-public python-stltools (define-public python-multipart (package (name "python-multipart") - (version "0.0.5") - (source (origin - (method url-fetch) - (uri (pypi-uri "python-multipart" version)) - (sha256 - (base32 - "0hzshd665rl1bkwvaj9va4j3gs8nmb478fbvligx20663xhmzfzp")))) + (version "0.2.4") + (source + (origin + (method url-fetch) + (uri (pypi-uri "multipart" version)) + (sha256 + (base32 "1jr24lm931pkh4x0amr19w5qknrckcg4z3k1zvz9cw5wc19j1fh6")))) (build-system python-build-system) - (propagated-inputs (list python-six)) - (native-inputs (list python-pyyaml python-mock python-pytest-cov)) - (arguments - `(#:phases (modify-phases %standard-phases - ;; There is a bug in the test_suit specification. - (add-after 'unpack 'patch-test-suite - (lambda _ - (substitute* "setup.py" - (("test_suite = 'multipart.tests.suite'") - "test_suite = 'multipart.tests.test_multipart.suite'"))))))) - (home-page "https://github.com/andrew-d/python-multipart") - (synopsis "Streaming multipart parser for Python") - (description - "This package provides a streaming multipart parser for Python.") - (license license:asl2.0))) + (home-page "http://github.com/defnull/multipart") + (synopsis "Parser for multipart/form-data.") + (description "Parser for multipart/form-data.") + (license license:expat))) (define-public python-aiopg (package -- 2.35.1