[Debian-med-packaging] Bug#1054591: python3-pyflow: ${VERSION} not expanded in package metadata, causing PEP-440 validation failures
Stefano Rivera
stefanor at debian.org
Thu Oct 26 14:46:37 BST 2023
Package: python3-pyflow
Version: 1.1.20-4
Severity: serious
Filing this as serious severity, because it has the risk of breaking
unrelated software.
The background here is that setuptools since 66 has required PEP-440
valid versions for all packages installed on a system. Pip makes a noise
about this since 23.3 in preparation for completely rejecting them in
pip 24.
https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813
https://github.com/pypa/pip/issues/12063
It looks like ${VERSION} is never expanded in setup.py. I suspect this
is because you are grabbing source from GitHub, and not using tarballs
from "scratch/make_release_tarball.bash"
Please provide a valid version in the package metadata.
$ python3 -c 'import pkg_resources; pkg_resources.require("pyFlow")'
This affects bookworm too, if a virtualenv has --system-site-packages
(less common) and upgraded setuptools (very common).
Stefano
More information about the Debian-med-packaging
mailing list