[Bug 291209] Mk/Uses/python.mk: generalize .whl and .dist-info name in PEP517 install command

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 291209] Mk/Uses/python.mk: generalize .whl and .dist-info name in PEP517 install command"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 25 Nov 2025 13:09:47 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291209

Charlie Li <vishwin@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not Accepted
                 CC|                            |vishwin@freebsd.org
             Status|New                         |Closed
              Flags|maintainer-feedback?(python |maintainer-feedback+
                   |@FreeBSD.org)               |

--- Comment #1 from Charlie Li <vishwin@freebsd.org> ---
Absolutely not.

During the initial development of USE_PYTHON=pep517, I intentionally
implemented this aspect as a sanity and security check that
USE_PYTHON=distutils would never have. Considering that PyPI and other sources
have had typosquatting and other malware issues arising from deceptive naming,
it is important that there is a verification that the correct wheel is built
and installed. Python packaging also has strict standards for package names and
their normalisation, and they are to be enforced here as well.

Go back to bug 270358 and help fix the failing ports.

-- 
You are receiving this mail because:
You are the assignee for the bug.