Problem
Installing mixbox==1.0.5 on python 3 from PyPI, the mixbox wheel incorrectly tries to bring in weakrefmethod despite this not being actually required.
Unzipping the published wheels I see the following which is missing the python_version condition:
mixbox-1.0.5.dist-info/METADATA: (1.0.4 is broken in the same way too)
Requires-Dist: weakrefmethod (>=1.0.3)
An older wheel (1.0.3) has it correctly as follows
mixbox-1.0.3.dist-info/METADATA:
Requires-Dist: weakrefmethod>=1.0.3; python_version < "3.4"
Possible cause
I see in setup.cfg that it still has the correct python_version constraint: https://github.com/CybOXProject/mixbox/blob/v1.0.5/setup.cfg#L18
but there's also this auto-detection in setup.py: https://github.com/CybOXProject/mixbox/blob/v1.0.5/setup.py#L43
so perhaps that's what is causing the issue, if the 1.0.5 wheel was built using an older version of python (< 3.4)?
It doesn't seem right to me that the wheel's Requires-Dist should be affected by the version of python used at build time, given you're publishing a py2.py3-none-any wheel.
Effects
As a result of this for now I'm forced to install from source using e.g. mixbox-1.0.5.tar.gz in order to avoid unnecessarily installing weakrefmethod when it isn't required. Because I'm in a deliberately constrained environment which only has the necessary wheels on-disk (and stops pip from accessing the internet) the manifestation of this issue for me is as follows:
ERROR: Could not find a version that satisfies the requirement weakrefmethod>=1.0.3 (from mixbox)
ERROR: No matching distribution found for weakrefmethod>=1.0.3
though for many I guess it would just silently install the unnecessary wheel.
Problem
Installing
mixbox==1.0.5on python 3 from PyPI, the mixbox wheel incorrectly tries to bring inweakrefmethoddespite this not being actually required.Unzipping the published wheels I see the following which is missing the
python_versioncondition:mixbox-1.0.5.dist-info/METADATA: (1.0.4 is broken in the same way too)An older wheel (1.0.3) has it correctly as follows
mixbox-1.0.3.dist-info/METADATA:Possible cause
I see in setup.cfg that it still has the correct python_version constraint: https://github.com/CybOXProject/mixbox/blob/v1.0.5/setup.cfg#L18
but there's also this auto-detection in setup.py: https://github.com/CybOXProject/mixbox/blob/v1.0.5/setup.py#L43
so perhaps that's what is causing the issue, if the 1.0.5 wheel was built using an older version of python (< 3.4)?
It doesn't seem right to me that the wheel's
Requires-Distshould be affected by the version of python used at build time, given you're publishing apy2.py3-none-anywheel.Effects
As a result of this for now I'm forced to install from source using e.g.
mixbox-1.0.5.tar.gzin order to avoid unnecessarily installingweakrefmethodwhen it isn't required. Because I'm in a deliberately constrained environment which only has the necessary wheels on-disk (and stops pip from accessing the internet) the manifestation of this issue for me is as follows:though for many I guess it would just silently install the unnecessary wheel.