You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The same pypi page points to this github project as the "home page"
When compared to this git repository at tag v1.5.1, the "fqdn" subdir is identical but there rest is very different. Like one has a LICENSE file and the other does not., one contains a tests/ dir, the other does not. This is kind of a nightmare for packagers, as I now don't know which is the real version, and I have to diff everything to check for malicious stuff.
Perhaps you can do a 1.5.2 release that brings these two sources back into sync?
The text was updated successfully, but these errors were encountered:
As you mentioned, the v1.5.1 tag ( 5ab747e14a04b461a3836583405a95762a420594 refs/tags/v1.5.1 ) and the v1.5.1 tarball are exactly the same runtime code:
The distributed tarball is generated by python3 setup.py sdist bdist_wheel then uploaded with twine upload dist/*. Is this setuptools packaging process not okay for you? Are the build artifacts causing a problem for you?
Hi,
I ended up via https://pypi.org/project/fqdn/ to download https://files.pythonhosted.org/packages/30/3e/a80a8c077fd798951169626cde3e239adeba7dab75deb3555716415bd9b0/fqdn-1.5.1.tar.gz
The same pypi page points to this github project as the "home page"
When compared to this git repository at tag v1.5.1, the "fqdn" subdir is identical but there rest is very different. Like one has a LICENSE file and the other does not., one contains a tests/ dir, the other does not. This is kind of a nightmare for packagers, as I now don't know which is the real version, and I have to diff everything to check for malicious stuff.
Perhaps you can do a 1.5.2 release that brings these two sources back into sync?
The text was updated successfully, but these errors were encountered: