[Pulp-dev] pulp-owned pypi packages that pulp did not author

Evgeni Golov evgeni at redhat.com
Tue Jul 14 13:30:19 UTC 2020

Hi pulp-dev,

While packaging pulp3 (more precisely pulp-rpm), I stumbled over the
fact that the "pulp" pypi user has uploaded "solv", "libcomps" and
"createrepo-c" without being the real author. To make matters worse,
the uploads don't 100% represent the original artifacts released by
the respective upstreams as they don't release python packages but
classic tarballs. In the case of "solv" this lead to an interesting
bug: solv upstream does not build a python egg, but your package did,
and then as the pulp-rpm egg has "solv" as a dependency, it won't load on
a system that uses the "real solv" without the egg. We patched that
out in packaging, but it remains ugly.

I kinda understand why Pulp did that, this way you can rely on "pip"
to install everything for a working pulp-rpm environment, but I think
we/you shouldn't do that and instead either persuade (and help!) the real
upstreams to publish their stuff to PyPI or bite the bullet and accept
that pip is not able to install everything needed for a working


Beste Grüße/Kind regards,

Evgeni Golov
Senior Software Engineer
Red Hat GmbH, http://www.de.redhat.com/, Sitz: Grasbrunn,
Handelsregister: Amtsgericht München, HRB 153243,
Geschäftsführer: Charles Cachera, Laurie Krebs, Michael O'Neill, Thomas Savage

More information about the Pulp-dev mailing list