=== r0bby_ is now known as robbyoconnor [12:24] hi all, bzr seems to be missing from pypi this morning. what's up? [12:26] jelmer: ^^ ? (hello, btw!) [12:35] * yashi_ still learning the concept of branches [12:38] hi all, anyone know what's happening with "pip install bzr"? It errors with "Could not find any downloads that satisfy the requirement bzr" and https://pypi.python.org/pypi/bzr/ is a 404 indeed [12:54] bac, frankban: I've heard confusing news from pypi, can you pinpoint when it started happening ? [12:55] vila: it worked last night around 2300UTC but i discovered it was missing about one hour ago. [12:55] bac: excellent, that confirms my suspicion that they broke bzr on pypi very recently [12:56] yes. there was the email from pypi about externally hosted files that went out recently. in it they said no action would be taken for three months. related? [12:58] bac: you bet [12:59] bac: I did upload a tarball one year ago and they seem to have completely removed the project [13:00] vila: do you know who the other pypi maintainers were? [13:00] bac: https://bugs.launchpad.net/bzr/+bug/1323805 [13:00] Ubuntu bug 1323805 in Bazaar "bzr is not pip installable" [Critical,Fix released] [13:00] bac: lifeless and poolie but I think they are screwed as me since the project is nowhere to be seen anymore on pypi [13:03] vila: so do i read correctly in that bug that bzr 2.6.0 download file was hosted at pypi? [13:04] bac: you read perfectly right :-/ [13:04] bac: so it seems they removed bzr because old versions weren't hosted on pypi despite the latest (and only relevant one) was [13:04] vila: so, the email i referenced really should have not been applicable to the project [13:04] bac: yes, I got the same email and I agree [13:05] vila: by "they" do you think pypi admins or a bzr maintainer? [13:05] bac: I replied this morning but no response yet [13:05] nothing should have happened for a while. :( [13:05] bac: pypi, if it's a bzr maintainer..... I would be speechless ;) [13:05] bac: it's hard enough without saboters ;-D [13:06] bac: and what's your use case by the way ? (I'm ready for the worse) [13:07] vila: we have test suites that rely on bzr to be pip installed in a virtualenv. those projects now fail our CI and are doa at the moment [13:07] bac: ok, if we're lucky CI is warning us soon enough... [13:10] abentley, mgz: can either of you shed any light or a way forward on the pypi issue? [13:11] I got the same email, about another project. I don't know what happened here. [13:12] bac: nope, I have been reading along, seems we need to poke pypi admins [13:12] * barry waves [13:13] barry: waves as in: you're a pypi admin ? [13:13] barry: hi ;) [13:13] abentley, mgz_ : hi too ;) [13:13] vila: i'm not. i also don't think i am an owner of bzr on pypi [13:13] barry: i don't think anyone is now. :) [13:13] vila: so i don't know what's going on, but two things come to mind [13:13] barry: I think I was :-/ Well, I was able to upload [13:14] barry: yeah, as bac said, I think nobody is anymore :-( [13:14] (as i'm sure you know) there was some discussion on the mlist about transfering ownership from mpool. i never saw a follow up but maybe there was a snafu there [13:14] vila: do you know: were the tarballs hosted on pypi or externally (i.e. *only* on lp)? [13:15] barry: I think it happens at the same time but I'm pretty sure neither lifeless nor poolie checked pypi [13:15] barry: all were on lp *EXCEPT* 2.6.0 that was uploaded on pypi a year ago, see https://bugs.launchpad.net/bzr/+bug/1323805 [13:15] Ubuntu bug 1323805 in Bazaar "bzr is not pip installable" [Critical,Fix released] [13:16] bzr 2.6.0 still comes up [13:16] in a search, but the link 404s [13:17] barry: yup [13:17] barry: may be you know a pypi admin that can be poked ? [13:17] so, the other thing that is happening recently is that pypi (and the whole stack) will stop chasing external links, so *only* tarballs hosted on pypi will be pip installable. there are good reasons for this, but it should be something like 6mo away. just yesterday there were some tests of the email that was going to get sent out. i wonder if something got deployed too early [13:18] barry: that's my gut feeling (something on the pypi side) [13:18] bac: apart from the CI jobs (juju ?), what could be the impact from your pov ? [13:18] Hi [13:19] dstufft: hi! [13:19] dstufft: \o/ [13:19] dstufft: i'm not a bzr admin on pypi [13:19] dstufft: only the 2.6.0 tarball was on pypi [13:19] I just registered bzr to my name on PyPI, it was deleted from PyPI by someone named "tanner" on PyPI at 2015-09-24 22:38:33 [13:19] the whole project was deleted [13:19] O_o [13:19] dstufft: so this isn't related to the external tarball thing? [13:19] dstufft: can you revert that ?!?! [13:19] Do you know who tanner is? [13:20] i don't [13:20] vila: we have a lot of projects (i'm mostly concerned with juju-ish ones) that rely on bzr. so they are all affected wrt CI and automated landings [13:20] dstufft: he is/was a bzr contributor, not sure why he had the power to delete the project [13:20] barry: No, we've not made any actual changes for external tarballs yet, just emailed people to tell them that in 3 months we're going to do a thing [13:20] bac: right, so the fire is coming, that's what I was afraid about [13:21] tanner might have been spurred on by the email I sent him though [13:21] dstufft: or clicked the wrong button and hiding under his couch right now [13:21] dstufft: cool. it was suspicious timing, but it sounds like its unrelated [13:21] anyways, I can't really revert it. I can give it back to you and release all the filenames so you can reupload [13:21] I registere dit to my name so nobody else registered it and put up something malicious [13:22] dstufft: that sounds like a plan. vila, bac i'm happy to co-own it if that helps [13:22] barry: +1 [13:22] dstufft: good, I changed my password on pypi this morning in case something was wrong, 'vila', I'll deal with given back the project to the rightful owners [13:22] barry: thanks ! [13:22] If you really need it, I can probably fish stuff out of a backup, but that's probably going to burn at least a day for me [13:22] Ok [13:23] I'll give vila admin on PyPI and let you take it from there [13:23] * vila runs to check if the 2.6.0 pristine tarball is still there [13:23] vila: should be easier to re-upload than restore from backup, right? [13:23] sounds good, thanks for the quick response! [13:23] vila: i saw it on launchpad [13:23] bac: yes [13:23] dstufft: we've got a plan, thanks so much ! [13:24] thanks everyone [13:24] I just removed myself from the bzr project, so it's all you now vila [13:24] It'll be just a minute for me to release the filenames [13:24] vila can you ping me when you think it is restored [13:24] (once a filename is uploaded to PyPI, you can't ever reupload the same filename without me releasing it) [13:25] bac: you bet I'll ping you to test ;) [13:25] excelelnt [13:25] dstufft: crystal clear and matches my expectations [13:26] * vila finds the 2.6.0 tarball and starts breathing again [13:27] now to find the right setup.py command... [13:27] you want twine [13:28] setup.py doesn't let you upload an already created tarball [13:28] (also setup.py is bad) [13:28] anyways, filenames released ^ [13:29] gonna drop out of channel, if y'all need anything else feel free to PM me or pop into #python-infra or #pypa(-dev) [13:30] dstufft: ack, thanks, uploading from the web page as I don't want to re-generate/sign a new tarball [13:32] Invalid version, cannot be parsed as a valid PEP 440 version. :-( [13:34] barry: ^ [13:36] vila: i'll jump over to #python-infra [13:38] barry: I'm in #pypa talking with dstufft [13:38] vila: i'm there now too [13:38] icu [14:59] bac: ping me once your CI jobs get greener just to make sure [15:01] vila: one just passed CI. i think we're good