Menu
▾
▴
python-ldap-dev
|
From: Roland H. <rol...@ad...> - 2009-04-06 07:06:53
|
Hi! My goal: to 'bundle' pyton-ldap as part of a service distribution. The necessary software for this distribution is a among other a set of Python packages like python-ldap, Twisted and rdflib and a a couple of packages I've developed in python myself, but to get the full service functionality I will have to include a graph database written in Java and possibly also an Apache server. easy_install seems to me to be limited to handle distributions of python packages and to handle their dependences on other python packages, but this is far from what I need. So, I'm looking at buildout from Zope. More specifically I'm contemplating writing a buildout recipe for installing python-ldap. Running such a recipe would not only result in fetching python-ldap by ftp or http from a site but could also include doing configuration before installation as well as after. Anyone done anything like this ? One problem I've already found is that there doesn't seem to exist a simple stable FTP/HTTP URL that points to the latest distribution. --Roland |
|
From: Michael S. <mi...@st...> - 2009-04-06 07:38:06
|
Roland Hedberg wrote: > One problem I've already found is that there doesn't seem to exist a > simple stable FTP/HTTP URL that points to the latest distribution. Do you need a URL which is always the same but points to the latest tar.gz file? Ciao, Michael. |
|
From: Roland H. <rol...@ad...> - 2009-04-06 09:19:58
|
On Apr 6, 2009, at 9:37, Michael Ströder wrote: > Roland Hedberg wrote: >> One problem I've already found is that there doesn't seem to exist a >> simple stable FTP/HTTP URL that points to the latest distribution. > > Do you need a URL which is always the same but points to the latest > tar.gz file? I'd prefer to be able to pick the version I want. It's not always wise to go with the latest. --Roland |
|
From: Michael S. <mi...@st...> - 2009-04-06 12:10:36
|
Roland Hedberg wrote: > > On Apr 6, 2009, at 9:37, Michael Ströder wrote: > >> Roland Hedberg wrote: >>> One problem I've already found is that there doesn't seem to exist a >>> simple stable FTP/HTTP URL that points to the latest distribution. >> >> Do you need a URL which is always the same but points to the latest >> tar.gz file? > > I'd prefer to be able to pick the version I want. Hmm, at the moment I hide older releases from the download area. Also there is the idea to move away from Sourceforge anyway in the long run. > It's not always wise to go with the latest. At the moment it is (within the 2.3 series). Still I'd recommend to stick with setuptools and integrate this with your own installation procedure. I'm maintaining python-ldap's PyPI record. It will always point to the right python-ldap distribution. Ciao, Michael. |
|
From: Jens V. <je...@da...> - 2009-04-06 12:47:15
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 6, 2009, at 14:10 , Michael Ströder wrote: >> It's not always wise to go with the latest. > > At the moment it is (within the 2.3 series). Unfortunately that's not true. I've ben in many situations where I really needed older versions (like 2.0.8 or 2.1.x), but it was a real drag to find them. It certainly was not possible to get them off PyPI, which is (at least for me) the easiest way to integrate any Python package. jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknZ9AoACgkQRAx5nvEhZLKhmACfVXGygOtyWPRbkWePdUja6i/U cEIAoIBnoBJINi4M2moE7dkKMqya/8L8 =hT4Y -----END PGP SIGNATURE----- |
|
From: Michael S. <mi...@st...> - 2009-04-06 12:55:21
|
Jens Vagelpohl wrote: > > On Apr 6, 2009, at 14:10 , Michael Ströder wrote: > >>> It's not always wise to go with the latest. >> At the moment it is (within the 2.3 series). > > Unfortunately that's not true. I've ben in many situations where I > really needed older versions (like 2.0.8 or 2.1.x), Can you please tell us why? Ciao, Michael. |
|
From: Jens V. <je...@da...> - 2009-04-06 13:07:06
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 6, 2009, at 14:55 , Michael Ströder wrote: > Jens Vagelpohl wrote: >> >> On Apr 6, 2009, at 14:10 , Michael Ströder wrote: >> >>>> It's not always wise to go with the latest. >>> At the moment it is (within the 2.3 series). >> >> Unfortunately that's not true. I've ben in many situations where I >> really needed older versions (like 2.0.8 or 2.1.x), > > Can you please tell us why? Simple example: A server with an old version of OpenLDAP on it, like 2.2.x, which I don't control and cannot upgrade. For the customers' needs it's perfectly fine to just go with an older version of python- ldap. Sometimes I've had to resort to building OpenLDAP separately, just to use python-ldap, and just because I wanted to use the python-ldap egg and the only eggs available are 2.3.x. Seems a bit silly, don't you think? I'm not asking you to spend extra time and put old versions onto PyPI now. What I would like to see is a policy of making sure once a release is on PyPI it's not removed, ever. That way automated buildouts can rely on finding the versions they have configured in. And if you wanted to share PyPI admin duties I'd be happy to find older versions and upload them to PyPI as well. jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknZ/m4ACgkQRAx5nvEhZLKWCQCfb1YUkDMBrkBUShgtVyBM5F5F 70YAoKbrtlIhR/X/AWCyDWaY+F5uTMM+ =amn5 -----END PGP SIGNATURE----- |
|
From: Jens V. <je...@da...> - 2009-04-06 13:10:15
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 P.S.: To avoid any confusion, I'm not arguing for official support for old versions. Just an easy way (like PyPI) to get hold of them. SourceForge is, in my very personal opinion, garbage. You never know which mirror holds what. You never know if a URL you had one moment will work the next. On PyPI, URLs work unless someone takes the explicit step of deleting a package. jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknZ/y8ACgkQRAx5nvEhZLK/rwCfaaew7Qw7ufA4tVRciQj0LDuV +qYAnRcAyAsba6pGfAuY2cN5UhFsYz7S =efE6 -----END PGP SIGNATURE----- |
|
From: Michael S. <mi...@st...> - 2009-04-06 14:21:31
|
Jens Vagelpohl wrote: > On Apr 6, 2009, at 14:55 , Michael Ströder wrote: >> Jens Vagelpohl wrote: >>> On Apr 6, 2009, at 14:10 , Michael Ströder wrote: >>> >>>>> It's not always wise to go with the latest. >>>> At the moment it is (within the 2.3 series). >>> Unfortunately that's not true. I've ben in many situations where I >>> really needed older versions (like 2.0.8 or 2.1.x), >> Can you please tell us why? > > Simple example: A server with an old version of OpenLDAP on it, like > 2.2.x, which I don't control and cannot upgrade. I suspected something like this. ;-) > For the customers' needs it's perfectly fine to just go with an older > version of python- ldap. As long as there aren't any security holes in older versions of python-ldap and/or libldap. Nobody will fix them. > Sometimes I've had to resort to building OpenLDAP separately, just to > use python-ldap, and just because I wanted to use the python-ldap egg > and the only eggs available are 2.3.x. Seems a bit silly, don't you > think? No, personally I don't think so. Given that even OpenLDAP 2.3 is almost out-of-service it's wiser to go with a more recent version. > I'm not asking you to spend extra time and put old versions onto PyPI > now. What I would like to see is a policy of making sure once a > release is on PyPI it's not removed, ever. That way automated > buildouts can rely on finding the versions they have configured in. Hmm, will think about it. If someone has a urgent need I could provide older releases. > And if you wanted to share PyPI admin duties I'd be happy to find > older versions and upload them to PyPI as well. Noted. Thanks. Ciao, Michael. |
|
From: Jens V. <je...@da...> - 2009-04-06 14:29:04
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 6, 2009, at 16:21 , Michael Ströder wrote: > Jens Vagelpohl wrote: >> For the customers' needs it's perfectly fine to just go with an older >> version of python- ldap. > > As long as there aren't any security holes in older versions of > python-ldap and/or libldap. Nobody will fix them. I know all that. Think of a server that's on the LAN and not on the internet. No security issues expected, and there is no expectation that the old library will be secure. So really no worries whatsoever from that side. >> Sometimes I've had to resort to building OpenLDAP separately, just to >> use python-ldap, and just because I wanted to use the python-ldap egg >> and the only eggs available are 2.3.x. Seems a bit silly, don't you >> think? > > No, personally I don't think so. Given that even OpenLDAP 2.3 is > almost > out-of-service it's wiser to go with a more recent version. If you're maintaining older systems that have worked very well in the past and that don't have any benefit from later security/functionality enhancements (e.g. they don't need to be secured) then it becomes counterproductive to ask the customer to upgrade. Especially when there's no need to upgrade apart from "then I will have an easier time installing python-ldap". > Hmm, will think about it. If someone has a urgent need I could provide > older releases. That's not the issue, though :-) I know I can find them through Google, or by asking you. I'm only asking for an *easy* way of getting them that integrates well with automated buildouts - like eggs in a sane place such as PyPI. jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknaEasACgkQRAx5nvEhZLJpcQCfYSswi8mSKsL3yZ15cnCajUQb LJQAn2KYt4OPUGh1Ihx3y9FgvfFNlbD7 =flwK -----END PGP SIGNATURE----- |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X