GNU bug report logs - #54737
gnu: python-multipart: Update to 0.2.4.

Previous Next

Full log

View this message in rfc822 format

From: Peter Polidoro <peter <at> polidoro.io>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: 54737 <at> debbugs.gnu.org
Subject: [bug#54737] gnu: python-multipart: Update to 0.2.4.
Date: Sat, 30 Jul 2022 08:19:01 -0400

[Message part 1 (text/plain, inline)]

Hi. Good catch. I may have made a mistake when choosing between these two unfortunately named pypi packages. I need one of these two as a dependency for another Guix package. I am traveling at the moment, but I will double check this when I return in a few days. If I do need multipart instead of python-multipart, perhaps there is a better way to name the Guix packages to cause less confusion. Thanks!

> On Jul 29, 2022, at 3:38 PM, Maxime Devos <maximedevos <at> telenet.be> wrote:
> 
> 
>> 
>>  (define-public python-multipart
>>    (package
>>      (name "python-multipart")
>> -    (version "0.0.5")
>> -    (source (origin
>> -              (method url-fetch)
>> -              (uri (pypi-uri "python-multipart" version))
>> -              (sha256
>> -               (base32
>> - "0hzshd665rl1bkwvaj9va4j3gs8nmb478fbvligx20663xhmzfzp"))))
>> +    (version "0.2.4")
>> +    (source
>> +      (origin
>> +        (method url-fetch)
>> +        (uri (pypi-uri "multipart" version))
>> +        (sha256
>> +          (base32 "1jr24lm931pkh4x0amr19w5qknrckcg4z3k1zvz9cw5wc19j1fh6"))))
> 
> What's the reason for changing from the python-multipart to multipart? I've looked at the home page and the pypi page, and it doesn't state that the latter is a successor of the former, so these look like unrelated projects or a typosquatting attack.
> 
> Greetings,
> Maxime.

[OpenPGP_0x49E3EE22191725EE.asc (application/octet-stream, attachment)]

[OpenPGP_signature (application/octet-stream, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.