watch out for .pyc files in uploads to pypi

[yarikoptic]

atm, tarball I have fetched from pypi contains some .pyc's I believe

$> tar -tzvf ../tarballs/python-git_2.0.1.orig.tar.gz | grep '\.pyc'
-rw-r--r-- nvie/staff      150 2016-04-22 07:05 GitPython-2.0.1/git/test/performance/__init__.pyc
-rw-r--r-- nvie/staff     3367 2016-04-22 07:05 GitPython-2.0.1/git/test/performance/lib.pyc
-rw-r--r-- nvie/staff     3785 2016-04-22 07:05 GitPython-2.0.1/git/test/performance/test_commit.pyc
-rw-r--r-- nvie/staff     2344 2016-04-22 07:05 GitPython-2.0.1/git/test/performance/test_odb.pyc
-rw-r--r-- nvie/staff     4418 2016-04-22 07:05 GitPython-2.0.1/git/test/performance/test_streams.pyc

[Byron]

Quite amazing that you can see the username and groupname by extracting a tar archive. Should I be worried ?

[nvie]

Thanks for bringing this to our attention! I can verify this behaviour. To replicate, I cleaned all of my *.pyc files from my work dir, then re-ran python setup.py sdist. This builds a *.tar.gz file without these *.pyc files. However, if I first run tox, and then build python setup.py sdist, these 5 *.pyc files are included in the archive. Why just these 5 and not the others is still something I'm looking into.

[nvie]

(The username and group name are quite normal to find in tarballs, btw.)

[nvie]

I believe this is now fixed by 25c95ac.

[nvie]

Thanks for reporting!

[Byron]

I'd like to introduce you two, just in case you don't know each other yet. @nvie is the one contributor of GitPrime that I happen to know by name, who by now can do anything from pushing to all repos to making new releases. @yarikoptic has been with the project for quite a while as maintainer of the debian packages.
Thanks again to the both of you !

[yarikoptic]

thanks @Byron for the introduction ;) @nvie, "I am not a whiner but that is my life" would be my self-introduction to clarify my role here I guess. We also use GitPython somewhat in our http://github.com/datalad/datalad project, so I am quite often to whine first ;)

as for uploads to pypi, if you are up for it, you could automate them even further, see e.g. https://docs.travis-ci.com/user/deployment/pypi and http://5minutes.youkidea.com/howto-deploy-python-package-on-pypi-with-github-and-travis.html . I did that for duecredit project. Seems to work quite nicely. The only work of caution is that both tag and state of the branch (i.e. master tagging/release from it) should be uploaded at the same time.

[nvie]

Thanks, @Byron! Good to meet you, @yarikoptic. We're using GitPython extensively at www.gitprime.com, and we're investing in its maintenance and further feature development. Thanks for the links, I'll have a look.