Social engineering malware

Will save the world by foreshadowning the pypi.org delisting announcement

Great example of malware that uses social engineering to deceive and only later realize those good intentions were quite harmful.

One step away from requiring a PoW algo to fund package authors. Which is great unless running on a crap laptop from the stone ages. Then it becomes a barrier to entry or simply broken UX.

Don't like to hear this, but at some point in time this package will be delisted from pypi.org

Hello! i have an inferiority complex. Would like to leave the impression to everyone that i'm a very important person.

For my packages, how to make imports install duration correlated to my deep inferiority complex? To give the impression of compiling a massive code base written in a low level language. Rather than this ducked typed language static type checked with pre py312 knowhow (which is the truth!).

American Python packages should run like American motorcycles, bleeding oil all over the road.

Lets Make America clunky af again

This may or may not be sarcasm

It's really really dangerous to expose a parody onto a package author whose written both a build backend and a requirements parser. If Trump found out about this, the build backend might incorporate tariff.

This is one plugin away from becoming a feature

Heil cobra!!

Because foreign packages have been STEALING our CPU cycles for TOO LONG! It's time to put AMERICA FIRST and make importing FAIR and BALANCED again!

i use interrogate

Which has a fun bug. Uses ast to compile every module. If a module contains a compile error, get a traceback showing only the one line that contains the issue, but not the module path nor the line #

The only way to find the issue is to just test your code base and ignore interrogate until code base is more mature.

interrogate author and maintainers: UX ... what's that?

The most obvious bug in the history of bugs ... setuptools maintainers, oh that's a feature request

No normal sqa user will have any clue how to do this.

might wanna take this up with the sqlachemy maintainers OR look at sqlachemy tests for how they are testing driver integration.

Some other dialect+driver will do the exact same thing as this jbdc driver.

 undefined

    
informix+ifx_jdbc://hostname:port/db_name;INFORMIXSERVER=server_name;delimident=y;user=user;password=pass

  

becomes

 undefined

    
informix+ifx_jdbc://user:pass@hostname:port/db_name?INFORMIXSERVER=server_name&delimident=y

  

If this is a sqlalchemy engine connect url then it would look like the fixed one.

https://github.com/OpenInformix/IfxPy/blob/master/README.md

This does not appear to support SQLAlchemy. Has a dbapi2 but no official driver+dialect supported by SQLAlchemy.

In which case, why are you bothering? Time would be better spent working on adding SQLAlchemy support than using the dbapi2 directly. In which case the code would be completely non-portable when decide to switch to other driver+dialect

setuptools is for enforcing a cartel, naively can simplify that to for building.

I hope uv completely replaces setuptools and build. Then the maintainers can move on to another racket.

Regular dependencies lack host url and hashes. Those are most important.

For the full details, encourage you to read pep751

^^ look a link! Oh so clickable and tempting. Go ahead. You know that pretty blue font-color is just asking for it. And after clicking the font-color changes colors. Wonder what font-color it'll become? Hmmmm

git sources are not allowed by pypi.org

pypi.org cartel does not like competition; github repos are no exception.

Try to publish packages with git sourced packages and find out the hard way or save time and take my word for it.

-- author of wreck

i love requirements files, venv, and pyenv.

Bringing requirements into pyproject.toml does not have enough value add to bother with. My requirements files are hierarchical. Extensively using -r and -c options AND venv aware.

pep751 does bring value, by stating both the host url and the hash of every package.

setuptools will fight this to continue their strange hold on Python

i'm sad to report

wreck 0.3.4.post0 no longer emits build front end options into .lock files wreck#30.

Background of efforts to beg and plead for setuptools maintainers to bend ever so slightly.

Continuing from denied way to pass build front end options thru requirement files so know non-pypi.org hosts setuptools#4928

This hurts those hosting packages locally or remotely on non-pypi.org package index servers. For those who are, the packages themselves give no clue where the dependencies and transitive packages are hosted.

Each and every user would need to have a ~/.pip/pip.conf or pass --extra-index-url pip install cli option. And somehow know all the possible package index servers.

This allows the pypi.org cartel to continue along it's merry way unimpeded.

Wish pep751 good luck and may there be a .unlock equivalent. Do not yet understand how the pep751 implementers will bypass setuptools and build.

From the hatch docs, not seeing where it discusses publishing to alternative package warehouses.

Will look at it again

Viva la package dependencies!

Does it do away with setuptools? After my experience interacting with the maintainers, now refer to that package as, The Deep State

The Deep State only supports loading dependencies from pypi.org Which has many advantages right up until it doesn't.

This new standard contains dependency host url. Hope there is a package other than setuptools that supports it.

When bring it up, and prove it, the responses alternate between playing dumb and gaslighting. The truth is The Deep State are gate keepers. And they are in the way.

Training wheels off mode please! So there is support for requirements files that contain on which server dependencies are hosted with more than one choice. Would like the option to host packages locally or remotely using pypiserver or equivalent.

On the positive side, setuptool maintainers did not suggest voodoo dolls, try to wait out the planetary alignment, better economic conditions, or peace on Earth.

That's how the conversation comes off to my eyes. But form your own opinion. Especially enjoyable for folks who also enjoyed the TV series, The Office.

What are the alternatives to being stonewalled by setuptools?

Disclosure: Wrote requirements rendering package, wreck. I have my own voodoo dolls and plenty of pins

Learn Sphinx which can mix .rst and .md files. myst-parser is the package which deals with .md files.

Just up your game a bit and you'll have variables similar to Obsidian tags which doesn't cause problems when being rendered into html web site and pdf file

the OP is discussing one step before pandoc

The way forward is to make a unittest module (unfortunately author not using pytest). With characters that are taken as an example from each of the four forms.

THEN go to town testing each of the low level functions.

Suspect the test coverage is awful. mypy and flake8 also awful.

There are several forms

K1 NoSymbol K2 NoSymbol characters with lower/upper case forms

K1 K2 K1 K2 unicode <= 256 with no lower/upper case forms. Like | or + symbol

K1 K2 K3 NoSymbol 2 bytes latin extended character set

K1 K2 K3 K4 3 bytes like nuke radiation emoji

Non-authoritative guess. Having played around with xev together with onboard virtual keyboard with my symbols layout.

keysym 0 and 2 are for lower and upper case. If the character has an upper and lower case equivalents.

This is documented in keysym_group when it should be documented in keysym_normalize

 undefined

    
In that case, the group should be treated as if the first element were
the lowercase form of ``K`` and the second element were the uppercase
form of ``K``.