net-analyzer/notus-scanner NonexistentDeps: version 22.6.2: BDEPEND: nonexistent package: <dev-python/packaging-23.3 NonexistentDeps: version 22.6.2: DEPEND: nonexistent package: <dev-python/packaging-23.3 NonexistentDeps: version 22.6.2: RDEPEND: nonexistent package: <dev-python/packaging-23.3 NonsolvableDepsInDev: version 22.6.2: nonsolvable depset(bdepend) keyword(amd64) dev profile (default/linux/amd64/23.0/x32) (7 total): solutions: [ <dev-python/packaging-23.3[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInDev: version 22.6.2: nonsolvable depset(depend) keyword(amd64) dev profile (default/linux/amd64/23.0/x32) (7 total): solutions: [ <dev-python/packaging-23.3[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInDev: version 22.6.2: nonsolvable depset(rdepend) keyword(amd64) dev profile (default/linux/amd64/23.0/x32) (7 total): solutions: [ <dev-python/packaging-23.3[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInStable: version 22.6.2: nonsolvable depset(bdepend) keyword(amd64) stable profile (default/linux/amd64/23.0) (79 total): solutions: [ <dev-python/packaging-23.3[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInStable: version 22.6.2: nonsolvable depset(depend) keyword(amd64) stable profile (default/linux/amd64/23.0) (79 total): solutions: [ <dev-python/packaging-23.3[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInStable: version 22.6.2: nonsolvable depset(rdepend) keyword(amd64) stable profile (default/linux/amd64/23.0) (79 total): solutions: [ <dev-python/packaging-23.3[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] net-analyzer/ospd-openvas NonexistentDeps: version 22.6.2: BDEPEND: nonexistent package: <dev-python/packaging-24.0 NonexistentDeps: version 22.6.2: DEPEND: nonexistent package: <dev-python/packaging-24.0 NonexistentDeps: version 22.6.2: RDEPEND: nonexistent package: <dev-python/packaging-24.0 NonsolvableDepsInDev: version 22.6.2: nonsolvable depset(bdepend) keyword(amd64) dev profile (default/linux/amd64/23.0/x32) (7 total): solutions: [ <dev-python/packaging-24.0[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInDev: version 22.6.2: nonsolvable depset(depend) keyword(amd64) dev profile (default/linux/amd64/23.0/x32) (7 total): solutions: [ <dev-python/packaging-24.0[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInDev: version 22.6.2: nonsolvable depset(rdepend) keyword(amd64) dev profile (default/linux/amd64/23.0/x32) (7 total): solutions: [ <dev-python/packaging-24.0[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInStable: version 22.6.2: nonsolvable depset(bdepend) keyword(amd64) stable profile (default/linux/amd64/23.0) (79 total): solutions: [ <dev-python/packaging-24.0[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInStable: version 22.6.2: nonsolvable depset(depend) keyword(amd64) stable profile (default/linux/amd64/23.0) (79 total): solutions: [ <dev-python/packaging-24.0[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ] NonsolvableDepsInStable: version 22.6.2: nonsolvable depset(rdepend) keyword(amd64) stable profile (default/linux/amd64/23.0) (79 total): solutions: [ <dev-python/packaging-24.0[python_targets_python3_10(-),python_targets_python3_11(-),python_targets_python3_12(-)] ]
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51725071ee76d1f88396fcff09914735eb543194 commit 51725071ee76d1f88396fcff09914735eb543194 Author: Giuseppe Foti <foti.giuseppe@gmail.com> AuthorDate: 2024-03-30 20:01:18 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2024-04-03 17:34:48 +0000 net-analyzer/notus-scanner: bumping dev-python/packaging version requirement Partial fix to bug https://bugs.gentoo.org/928232 Bug: https://bugs.gentoo.org/928232 Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/36003 Signed-off-by: Florian Schmaus <flow@gentoo.org> net-analyzer/notus-scanner/notus-scanner-22.6.2.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Three months later, things have barely improved. If these packages manage to be so fragile about dev-python/packaging (how?), perhaps they shouldn't be in ::gentoo.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65e618b1c663a11c6eabccb58bea3e3ebc8a27f5 commit 65e618b1c663a11c6eabccb58bea3e3ebc8a27f5 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2024-07-09 06:58:28 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2024-07-09 07:01:36 +0000 net-analyzer/notus-scanner: adjust dev-python/packaging dep from <24.1 to <24.2 Upstream changed the dep in https://github.com/greenbone/notus-scanner/commit/bc7b91350d21cfac0d97a6d63afc7e956aac1475 which bascially directly follows the 22.6.3 tag, therefore we can also adjust the dep and clear the way for the latest dev-python/packaging. Bug: https://bugs.gentoo.org/928232 Signed-off-by: Florian Schmaus <flow@gentoo.org> .../notus-scanner/notus-scanner-22.6.3-r2.ebuild | 83 ++++++++++++++++++++++ 1 file changed, 83 insertions(+)
Ok, let me get this straight. Given that 1) packaging rarely breaks API, and 2) I'm not aware of any case where packaging broke really fragile users (as in stuff that's actually packaging related), can you please either finally get rid of these damn bogus pins, or last rite this crap? Thanks.
Michael, we are sorry, but unfortunately not everyone is as experienced with the Python ecosystem as you are. Given your expertise in Python, we trust that it most likely not an issue to drop the version constraint on the dev-python/packaging dependency and we will do so (guiseppe wants to run some test first, but I expect that there will be no issues). It would have been great if you had wrote what you wrote in comment #4 you created this issues report, as it is valuable information (even though, with some unnecessary undertone).
(In reply to Florian Schmaus from comment #5) > Michael, we are sorry, but unfortunately not everyone is as experienced with > the Python ecosystem as you are. Given your expertise in Python, we trust > that it most likely not an issue to drop the version constraint on the > dev-python/packaging dependency and we will do so (guiseppe wants to run > some test first, but I expect that there will be no issues). > > It would have been great if you had wrote what you wrote in comment #4 you > created this issues report, as it is valuable information (even though, with > some unnecessary undertone). It is a deeply unfortunate part of the python software ecosystem, but many (most?) python software is developed by people who bought into the docker apps mindset of software distribution. They specify minimum and maximum bounds for all their dependencies based on requiring the exact specific version that they themselves used upstream. It's a bit like a C program having a pkg-config check that libcurl has to be exactly 8.9.1, not 8.9.0 and not 8.10.0, solely because "we cannot promise 8.9.0 works as we haven't tested it ourselves" The pin may or may not be truthful, but most often is not, in particular if it has maximum versions. ... Possibly the most embarrassingly broken python dependency version constraint I've ever seen was the python project that pinned all versions of all dependencies including *pytz*, a project which never changes its codebase but does release new versions based on the *year*, every time it includes a new set of worldwide government updates to the data files that make up the Olson timezone database. (Which then, for obvious reasons, is unbundled to refer to the sys-libs/timezone-data package anyway.) They religiously treated "2023" as a semver boundary and allowed any updates to 2022.* but restricted to <2023. They didn't have any particular reason for why, except that they used dev-python/poetry as a build system and "poetry automatically adds version constraints by default so it must be right".
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e02dc21838ab5262f2cfae8c6643c48df1a7f482 commit e02dc21838ab5262f2cfae8c6643c48df1a7f482 Author: Giuseppe Foti <foti.giuseppe@gmail.com> AuthorDate: 2024-11-24 21:18:31 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2024-11-29 12:05:36 +0000 net-analyzer/notus-scanner: stabilize 22.6.3-r3, remove 22.6.2, 22.6.3-r2 Bug: https://bugs.gentoo.org/928232 Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/39455 Signed-off-by: Florian Schmaus <flow@gentoo.org> net-analyzer/notus-scanner/Manifest | 1 - .../notus-scanner/notus-scanner-22.6.2.ebuild | 81 --------------------- .../notus-scanner/notus-scanner-22.6.3-r2.ebuild | 83 ---------------------- .../notus-scanner/notus-scanner-22.6.3-r3.ebuild | 4 +- 4 files changed, 2 insertions(+), 167 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=729204550a78df5dca7c9eb661c29dc64fbb1a90 commit 729204550a78df5dca7c9eb661c29dc64fbb1a90 Author: Giuseppe Foti <foti.giuseppe@gmail.com> AuthorDate: 2024-11-24 17:48:31 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2024-11-29 12:05:35 +0000 net-analyzer/notus-scanner: remove version constraint on dev-python/packaging Bug: https://bugs.gentoo.org/928232 Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com> Signed-off-by: Florian Schmaus <flow@gentoo.org> ...{notus-scanner-22.6.4-r1.ebuild => notus-scanner-22.6.4-r2.ebuild} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=011a37cb61783882b40948e74c1abc83577583fa commit 011a37cb61783882b40948e74c1abc83577583fa Author: Giuseppe Foti <foti.giuseppe@gmail.com> AuthorDate: 2024-11-24 18:36:25 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2024-11-29 12:05:34 +0000 net-analyzer/ospd-openvas: drop 22.6.2, 22.7.0 Bug: https://bugs.gentoo.org/928232 Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/39457 Signed-off-by: Florian Schmaus <flow@gentoo.org> net-analyzer/ospd-openvas/Manifest | 2 - .../ospd-openvas/ospd-openvas-22.6.2.ebuild | 86 --------------------- .../ospd-openvas/ospd-openvas-22.7.0.ebuild | 87 ---------------------- 3 files changed, 175 deletions(-)
