pool: ensure sources are prioritised over PyPI #3251

Merged
merged 1 commit into from
Oct 23, 2020

abn
Member

@abn abn commented Oct 19, 2020

When a project specifies non-default sources, PyPI gets added as the
default source. This will prioritise packages available in PyPI when
the package exists in both indexes. This change ensures that PyPI is
only used as a default when no other sources are provided.

Resolves: #1677 #2564 #3238
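
The ordering problem described above, as an added example that is not part of the original pull request and is not Poetry's own code. It is a simplified model: the source name `internal`, the package names and the index contents are constructed, version constraints are ignored, and keeping PyPI as the last fallback after the fix is an assumption drawn from the PR title.

```python
# Simplified model of source priority; NOT Poetry's implementation.
PYPI = "pypi"

def build_pool(configured, fixed):
    """Return source names in lookup order.

    fixed=False: behaviour the PR describes as the bug, PyPI is added as the
                 default (first) source even when other sources are configured.
    fixed=True:  PyPI is the default only when no other source is configured;
                 otherwise it is modelled as the last fallback (assumption).
    """
    configured = [s for s in configured if s != PYPI]
    if not configured:
        return [PYPI]
    return configured + [PYPI] if fixed else [PYPI] + configured

def resolve(package, pool, indexes):
    """Return the first source in pool order that serves the package, or None."""
    for source in pool:
        if package in indexes.get(source, ()):
            return source
    return None

def audit(dependencies, configured, indexes):
    """Report dependencies whose origin depends on the pool order.

    Returns {package: (origin_before_fix, origin_after_fix)} for every
    dependency that would be fetched from a different index once configured
    sources take priority over PyPI.
    """
    before = build_pool(configured, fixed=False)
    after = build_pool(configured, fixed=True)
    report = {}
    for dep in dependencies:
        old, new = resolve(dep, before, indexes), resolve(dep, after, indexes)
        if old != new:
            report[dep] = (old, new)
    return report

# Constructed sample data: two names exist on both indexes.
INDEXES = {
    "internal": {"acme-auth", "acme-utils", "requests"},
    "pypi": {"requests", "acme-utils", "flask"},
}
DEPS = ["acme-auth", "acme-utils", "requests", "flask", "missing-pkg"]

if __name__ == "__main__":
    for pkg, (old, new) in audit(DEPS, ["internal"], INDEXES).items():
        print(f"{pkg}: pre-fix order -> {old}, post-fix order -> {new}")
```

Packages that appear in the report are the ones to review when upgrading across this change, since their origin index switches.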

@abn abn added kind/bug Something isn't working as expected area/repo Meta-issues for the repository/forge itself labels Oct 19, 2020
@abn abn added this to the 1.1 milestone Oct 19, 2020
@abn abn requested a review from a team October 19, 2020 23:43
@sdispater sdispater merged commit 5b6d0c0 into python-poetry:1.1 Oct 23, 2020
@abn abn deleted the issue/3238 branch October 23, 2020 12:57
@intgr
Contributor

intgr commented Oct 29, 2020

Note that this caused a regression in our use case, we had configured a custom source in [[tool.poetry.source]], but the certificate was not trusted. Since 1.1.3 did not use the configured source, it worked, but 1.1.4 started failing by surprise.

It's not a big deal, but on the other hand, we would prefer not to have ugly surprises in patch level updates.

Maybe such behavior-changing fixes should not go into patch-level releases?

@sinoroc

sinoroc commented Nov 24, 2020

@intgr
@tomzx contributed a possible fix here: #3406
Would you mind testing it if you get a chance?

@abn
Member Author

abn commented Nov 24, 2020

> Note that this caused a regression in our use case, we had configured a custom source in [[tool.poetry.source]], but the certificate was not trusted. Since 1.1.3 did not use the configured source, it worked, but 1.1.4 started failing by surprise.
>
> It's not a big deal, but on the other hand, we would prefer not to have ugly surprises in patch level updates.
>
> Maybe such behavior-changing fixes should not go into patch-level releases?

@intgr One thing to note here is that this was a bug fix to what became expected behaviour with 1.1.0 - i.e. how various repository sources configured were handled. This was expected to keep priorities as described in the documentation; however, this was not the case.

That said, I can also appreciate that how this is viewed can be subjective. Definitely not intentional to cause surprises in patch releases, and not something we want to make a habit of either.


github-actions bot commented Mar 1, 2024

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 1, 2024