[QA] Run UploadWizard API integration test against production...

Gergo Tisza gtisza at wikimedia.org
Wed Jan 22 23:24:23 UTC 2014


Google brings up this:

sudo pip install pil
Downloading/unpacking PIL
  You are installing a potentially insecure and unverifiable file. Future versions of pip
will default to disallowing insecure files.
  Downloading PIL-1.1.7.tar.gz (506kB): 506kB downloaded

from a couple months ago, so apparently pip's behavior regarding offsite
packages changed since then. (Or maybe you have a non-default setting -
mediawiki-vagrant with standard settings worked fine just a few days ago).

Couldn't you just use --allow-external? With something as big as PIL it
shouldn't be a security issue. As Aaron said, downgrading is not a problem
for us, but adding a command-line parameter would be even simpler.

On Wed, Jan 22, 2014 at 2:27 PM, Aaron Arcos <aarcos.wiki at gmail.com> wrote:

> I don't think 1.1.7 is needed, I just specified that because it was the
> latest version.
> Can you guys try with 1.1.6? If you don't like this route, the Pillow fork
> is also fine.
> I checked the documentation and the code should work with any of these
> choices.
> Let me know if any issues though.
>
> Thanx !
>
>
>
> On Wed, Jan 22, 2014 at 1:44 PM, Antoine Musso <amusso at wikimedia.org> wrote:
>
>> On 22/01/14 08:49, Željko Filipin wrote:
>> > Downloading/unpacking PIL>=1.1.7 (from -r test/api/requirements.txt
>> > (line 3))
>> >   Could not find any downloads that satisfy the requirement PIL>=1.1.7
>> > (from -r test/api/requirements.txt (line 3))
>> >   Some externally hosted files were ignored (use --allow-external PIL to
>> > allow).
>> > Cleaning up...
>> > No distributions at all found for PIL>=1.1.7 (from -r
>> > test/api/requirements.txt (line 3))
>>
>> That is interesting.  PIL is a popular library; unfortunately the pip
>> repository still has version 1.1.6:
>>
>>   https://pypi.python.org/pypi/PIL
>>
>> Although upstream released 1.1.7:
>>
>>  http://www.pythonware.com/products/pil/
>>
>>
>> Aaron, would it make sense to migrate to the Pillow fork which is
>> properly updated on pypi ?
>>
>> https://pypi.python.org/pypi/Pillow/2.3.0
>>
>> The API is most probably slightly different so that would need some code
>> to be changed in the python smoke test script.
>>
>>
>> --
>> Antoine "hashar" Musso
>> Mob.: +33 6 98 81 18 38 -- Skype: hashar
>>
>
>
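The pip warning quoted above ("potentially insecure and unverifiable file") means pip could not check the externally hosted PIL tarball against a digest published on PyPI. The script below is an added example, not code from this thread or from the UploadWizard test suite: it flags requirements.txt entries that are not pinned to an exact version, and verifies a downloaded sdist against a SHA-256 digest you record yourself, which is the check that makes such a file verifiable whether or not --allow-external is used. The requirements text, the archive file name and its contents are constructed for the example; it does not call pip.

```python
"""Added example: spot unpinned requirements and verify a downloaded sdist
against a pinned SHA-256 before it is installed."""
import hashlib
import hmac
import os
import re
import tempfile

# Constructed sample in the shape of test/api/requirements.txt (not the real file).
SAMPLE_REQUIREMENTS = """\
# test requirements (constructed)
requests==2.2.1
PIL>=1.1.7
Pillow
"""

# name, optional comparison operator, optional version; comments ignored
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s#]*)")


def find_unpinned(requirements_text):
    """Return the names of requirements that are not pinned with '==<version>'.

    A range such as 'PIL>=1.1.7' or a bare name lets a later, different
    archive satisfy the requirement, so no fixed digest can be recorded for it.
    """
    unpinned = []
    for line in requirements_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # blank, comment, or pip option line such as '-r other.txt'
        match = _REQ_RE.match(line)
        if not match:
            continue
        name, op, version = match.groups()
        if op != "==" or not version:
            unpinned.append(name)
    return unpinned


def sha256_of_file(path):
    """Stream the file through SHA-256 so large archives are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_sdist(path, expected_sha256):
    """True only if the file's SHA-256 equals the pinned digest (constant-time compare)."""
    return hmac.compare_digest(sha256_of_file(path), expected_sha256.lower())


# Constructed stand-in for an sdist; a real pin would be the digest of the real tarball.
CONSTRUCTED_SDIST_BYTES = b"not a real tarball, constructed for the example\n"


def write_constructed_sdist(directory):
    """Write the constructed archive and return (path, digest to pin)."""
    path = os.path.join(directory, "PIL-1.1.7.tar.gz")  # file name only; contents constructed
    with open(path, "wb") as handle:
        handle.write(CONSTRUCTED_SDIST_BYTES)
    return path, hashlib.sha256(CONSTRUCTED_SDIST_BYTES).hexdigest()


def run_demo():
    """Verify the constructed archive, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as directory:
        path, pinned = write_constructed_sdist(directory)
        pinned_ok = verify_sdist(path, pinned)
        with open(path, "ab") as handle:  # simulate a modified download
            handle.write(b"x")
        tampered_ok = verify_sdist(path, pinned)
    return {"pinned_ok": pinned_ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print("unpinned:", find_unpinned(SAMPLE_REQUIREMENTS))
    print(run_demo())
```

Pinning the digest yourself moves the trust from the hosting site to the value you checked into the repository: an archive that differs in a single byte fails the check, while the installer's own warning only tells you that nobody checked at all.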