chore: bump to 1.0.1.post1 since 1.0.1 seems to be taken #679
Conversation
Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
|
Followup to #677. I'm not sure this is the actual issue, though, since the following query: SELECT filename
FROM `bigquery-public-data.pypi.distribution_metadata`
WHERE name = "build"produces [{
"filename": "build-0.1.0-py2.py3-none-any.whl"
}, {
"filename": "build-0.0.2.tar.gz"
}, {
"filename": "build-0.0.3.1.tar.gz"
}, {
"filename": "build-0.0.4.tar.gz"
}, {
"filename": "build-0.0.4-py2.py3-none-any.whl"
}, {
"filename": "build-0.0.2-py2.py3-none-any.whl"
}, {
"filename": "build-0.0.3.1-py2.py3-none-any.whl"
}, {
"filename": "build-0.8.0-py3-none-any.whl"
}, {
"filename": "build-0.8.0.tar.gz"
}, {
"filename": "build-0.6.0.tar.gz"
}, {
"filename": "build-0.6.0-py3-none-any.whl"
}, {
"filename": "build-0.6.1.tar.gz"
}, {
"filename": "build-0.6.1-py3-none-any.whl"
}, {
"filename": "build-0.6.0.post1-py3-none-any.whl"
}, {
"filename": "build-0.6.0.post1.tar.gz"
}, {
"filename": "build-0.3.1.tar.gz"
}, {
"filename": "build-0.3.1-py2.py3-none-any.whl"
}, {
"filename": "build-0.3.1.post1-py2.py3-none-any.whl"
}, {
"filename": "build-0.3.1.post1.tar.gz"
}, {
"filename": "build-0.0.1-py2.py3-none-any.whl"
}, {
"filename": "build-0.4.0-py2.py3-none-any.whl"
}, {
"filename": "build-0.4.0.tar.gz"
}, {
"filename": "build-0.3.0.tar.gz"
}, {
"filename": "build-0.3.0-py2.py3-none-any.whl"
}, {
"filename": "build-0.7.0-py3-none-any.whl"
}, {
"filename": "build-0.7.0.tar.gz"
}, {
"filename": "build-0.9.0-py3-none-any.whl"
}, {
"filename": "build-0.9.0.tar.gz"
}, {
"filename": "build-0.2.0-py2.py3-none-any.whl"
}, {
"filename": "build-0.2.0.tar.gz"
}, {
"filename": "build-0.2.1.tar.gz"
}, {
"filename": "build-0.2.1-py2.py3-none-any.whl"
}, {
"filename": "build-0.1.0.tar.gz"
}, {
"filename": "build-1.0.0-py3-none-any.whl"
}, {
"filename": "build-1.0.0.tar.gz"
}, {
"filename": "build-0.0.1.tar.gz"
}, {
"filename": "build-0.10.0-py3-none-any.whl"
}, {
"filename": "build-0.10.0.tar.gz"
}, {
"filename": "build-0.5.0.tar.gz"
}, {
"filename": "build-0.5.0-py2.py3-none-any.whl"
}, {
"filename": "build-0.5.1-py2.py3-none-any.whl"
}, {
"filename": "build-0.5.1.tar.gz"
}]Which doesn't seem to the a problem. |
There was a problem hiding this comment.
This is not the problem. See https://pypi.org/simple/build there's no 1.0.1.
|
It's too old, this is from @di: So we'll need |
|
Who uploaded 1.0.1 or 1.0.2? Doesn't show up on https://pypi.org/project/build/#history either 🤔 |
|
How is that dated to 2015 when earliest commit here is 2020. Maybe a nameclash with something artifact |
|
PyPI is picking up a 1.0.1 release from an older "build" project presumably. |
|
Still feels a bug in pypi, is 1.0 to 1.0.2 the only builds then we need to worry about? |
|
There was a project named "build" that was deleted to give us the name. It had two releases, on the same day in 2015, 1.0.1 and 1.0.2. We can either do 1.0.3 or 1.0.1.post1. We've done .post1 twice before. This is a security feature in PyPI that is supposed to help projects that don't want to pin hashes. Though given person-in-the-middle attacks, post releases, and build numbers, I'm not sure it's really helping these projects except to give a false sense of security. |
|
Let's do 1.0.3 🤔 to solve the problem forever, or 1.1.0 😆 |
|
I like 1.0.3 best. |
It seems there was a previous build 1.0.1 release. Without knowing what files the old project had, we are kind of stuck in this try, try again game.
Another good reason to move to CalVer, IMO. :)