On Tue, Jun 23, 2020 at 06:26:23PM +0200, Tomas Hrnciar wrote:
Hello everyone,

there are plenty of Python packages in Fedora currently using setuptools at build time, but not all of them are BuildRequiring it explicitly. This only works because python3-devel (transitively) depends on python3-setuptools.

We would like to kindly ask you to add explicit BuildRequires for python3-setuptools to packages where setuptools is used. It will help us with testing new versions of setuptools in the future or with decoupling Python and setuptools. Today, if we want to know if a package is using setuptools, we have to do `fedpkg prep` and use grep to search for setuptools. Using a repoquery is much more convenient.

Several packages can successfully build either with or without setuptools (they use try-except import and fall back to distutils from the standard library). Such packages are especially dangerous when not BuildRequiring setuptools -- they can produce different results depending on the presence of setuptools: either an .egg-info metadata directory (w/setuptools) or .egg-info text file (w/distutils). RPM has trouble when upgrading directories to files [1].

[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/

According to our grep-based query on Fedora Rawhide, there are 621 known packages using setuptools without BuildRequiring it at this point:

Thank you very much for your help with this.

On behalf of python-setuptools maintainers,
Tomáš Hrnčiar
[snip...]
flawfinder athoscr
Fixed in rawhide

[snip...]

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
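The check the original message describes (does a package use setuptools, and does its spec say so), as an added example that is not part of the thread or of any Fedora tooling. It assumes you already have the spec text and the unpacked `setup.py` source as strings; the function names, the BuildRequires regex and the sample inputs are constructed for illustration.

```python
import ast
import re

# Heuristic (assumption): any BuildRequires line naming setuptools is "explicit".
BR_SETUPTOOLS = re.compile(r"^BuildRequires:.*setuptools", re.I | re.M)

def _imports(nodes):
    """Top-level module names imported anywhere under the given AST nodes."""
    found = set()
    for node in nodes:
        for sub in ast.walk(node):
            if isinstance(sub, ast.Import):
                found.update(a.name.split(".")[0] for a in sub.names)
            elif isinstance(sub, ast.ImportFrom) and sub.module:
                found.add(sub.module.split(".")[0])
    return found

def setuptools_usage(setup_py):
    """Return 'none', 'required', or 'fallback' (try setuptools, except: distutils)."""
    tree = ast.parse(setup_py)
    if "setuptools" not in _imports([tree]):
        return "none"
    for node in ast.walk(tree):
        if isinstance(node, ast.Try) and "setuptools" in _imports(node.body):
            if any("distutils" in _imports(h.body) for h in node.handlers):
                return "fallback"
    return "required"

def audit(spec, setup_py):
    """Return (usage, explicit BuildRequires present, verdict)."""
    usage = setuptools_usage(setup_py)
    explicit = bool(BR_SETUPTOOLS.search(spec))
    if usage == "none" or explicit:
        verdict = "ok"
    elif usage == "fallback":
        verdict = "missing BuildRequires; egg-info dir or file depends on buildroot"
    else:
        verdict = "missing BuildRequires; builds only via python3-devel"
    return usage, explicit, verdict

# Constructed sample inputs, not taken from any real package.
SPEC = "Name: python-example\nBuildRequires: python3-devel\n"
SETUP_FALLBACK = ("try:\n    from setuptools import setup\n"
                  "except ImportError:\n    from distutils.core import setup\n")
SETUP_PLAIN = "from setuptools import setup\nsetup(name='example')\n"

if __name__ == "__main__":
    for name, src in (("fallback", SETUP_FALLBACK), ("plain", SETUP_PLAIN)):
        print(name, audit(SPEC, src))
```

The "fallback" result is the case the message calls especially dangerous: the build succeeds either way, so only the spec's explicit BuildRequires pins which metadata layout ends up in the RPM.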