Use semantic versioning

Nick Coghlan ncoghlan at gmail.com
Thu Sep 24 05:55:03 UTC 2015


On 24 September 2015 at 02:26, Mads Kiilerich <mads at kiilerich.com> wrote:
> On 09/23/2015 06:19 PM, Robert Rauch wrote:
>>
>> I was wondering about the version bump in the latest Kallithea 0.2.9
>> release. Many people (including myself) are accustomed to 'Semantic
>> Versioning' (see http://semver.org/), maybe Kallithea should use that as
>> well.
>
> Yes, we only use the odd "beta" number because our setup.py makes bogus
> assumptions, pypi versioning seems "different" especially for beta releases,

This is true - pip has special handling for pre-releases, so it will
ignore them by default unless you specifically mention a pre-release
in your version specifier or pass the "--pre" option:
https://pip.pypa.io/en/stable/reference/pip_install/#pre-release-versions

PyPA's recommendations for version numbering are now at
https://packaging.python.org/en/latest/distributing/#choosing-a-versioning-scheme,
while the full technical specification for permitted version numbers
is at https://www.python.org/dev/peps/pep-0440/

> pypi seems to make it possible to make unauthenticated "DoS" by reserving
> release names

Which aspects are you referring to here? The fact we don't allow
replacing a release with a different file that has the same version
number? Or something else?

> and the pypi test instance apparently doesn't work - updates
> to it go directly to the main pypi.

Could you provide more details on the problems you've seen? This is
the first I've heard of uploads to testpypi.python.org going to the
main site, so this may be a case of the tooling UX being confusing.

Using twine to do the uploads (rather than using setup.py's upload
command to do the build-and-upload as a single step) may help with
that: https://pypi.python.org/pypi/twine

Regards,
Nick.

P.S. If anyone is curious as to why the PEP 440 spec is so
complicated, the main challenge was attaining ~98% version number
compatibility with the 45k projects that were on PyPI in Jun 2014
after more than a decade of using Perl-style permissive
interpretations of version numbers:
https://bitbucket.org/pypa/pypi-metadata-formats/issues/41/how-much-compatability-is-enough#comment-10854105

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
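
Added example (not part of the original message, and not pip's own code): a stdlib-only Python model of the pre-release rule described above, where pre-releases are skipped unless "--pre" is given or the specifier itself names a pre-release. It assumes a simplified subset of the PEP 440 syntax; the names sort_key, is_prerelease, pick and the RELEASES list are constructed for illustration.

```python
import re

# Simplified subset of PEP 440: N(.N)*[{a|b|rc}N][.postN][.devN].
# Epochs, local versions and alternate spellings ("alpha", "-1") are left out.
_VERSION = re.compile(
    r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?(?:\.post(\d+))?(?:\.dev(\d+))?$"
)
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}

def _fields(version):
    m = _VERSION.match(version)
    if m is None:
        raise ValueError("outside the supported PEP 440 subset: %r" % version)
    return m.groups()

def is_prerelease(version):
    """True for alpha/beta/rc and .dev versions."""
    _, pre_l, _, _, dev = _fields(version)
    return pre_l is not None or dev is not None

def sort_key(version):
    """Tuple that orders versions as PEP 440 describes (for this subset)."""
    release, pre_l, pre_n, post, dev = _fields(version)
    nums = [int(p) for p in release.split(".")]
    while len(nums) > 1 and nums[-1] == 0:  # 1.0 and 1.0.0 compare equal
        nums.pop()
    if pre_l is not None:
        pre = (_PRE_RANK[pre_l], int(pre_n))
    elif post is None and dev is not None:
        pre = (-1, 0)  # X.devN sorts before X.a0
    else:
        pre = (3, 0)  # final and post releases sort after any rc
    return (tuple(nums), pre, -1 if post is None else int(post),
            float("inf") if dev is None else int(dev))

def pick(candidates, minimum=None, pre=False):
    """Newest candidate >= minimum. Pre-releases are skipped unless pre=True
    (like --pre) or the minimum itself names a pre-release."""
    allow_pre = pre or (minimum is not None and is_prerelease(minimum))
    pool = [c for c in candidates
            if (allow_pre or not is_prerelease(c))
            and (minimum is None or sort_key(c) >= sort_key(minimum))]
    return max(pool, key=sort_key) if pool else None

# Constructed release list, not taken from any real project.
RELEASES = ["1.4.0", "1.5.0rc1", "1.4.1", "1.5.0.dev2", "1.5.0b1"]
```

Only the two opt-ins named in the message are modelled; PEP 440's other exceptions for pre-releases are not.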

