4.9.0 tag move

Bug #1976407 reported by Sandro
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxml
Fix Released
Undecided
scoder

Bug Description

Hi,
I am currently updating lxml on NixOS and already prepared the 4.9.0 update yesterday.
Since yesterday the 4.9.0 tag moved. Why did this happen? Is this expected to be a common occurrence in the future?

Also the latest 4 commits (https://github.com/lxml/lxml/commits/lxml-4.9.0) for the tag do not belong to any branch. They should probably be pushed to master, too.

Revision history for this message
scoder (scoder) wrote :

I can see that it would probably be better to use pre-release tags during the release preparation phase.
Basically, as long as there is no release on PyPI, there is no release.

Changed in lxml:
status: New → Triaged
Revision history for this message
scoder (scoder) wrote :

BTW, binary wheels for the initial/original 4.9.0 tag should be exactly the same as for the final tag. No need to trash and rebuild them, Only the sdist differs slightly.

scoder (scoder)
Changed in lxml:
milestone: none → 4.9.0
status: Triaged → Fix Released
assignee: nobody → scoder (scoder)
Revision history for this message
Sandro (supersandro2000) wrote :

Using a pre-release tag would work for us since we are not updating to them.
I think we are fetching from GitHub because the pypi tarball was maybe missing test files or some other files but I would need to double check that.
Generally fetching sources from Pypi has not the highest reputation since it can easily be altert and must not match the real source code.

Since we are building from source we're not using the prebuild wheels.
For downloading we are using a TOFU model where we hash the downloaded source. If the tag is moved and something is changed in the source code, even unrelated files like README or ci files, we get a different hash and builds are failing when not cached yet.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.