Claim "sage" package on PyPI, replace unexplained package "sage 0.0.0"

[mkoeppe]

Someone with the user name dhagrow uploaded a package sage, version 0.0.0, to PyPI in 2018. The package provides no description nor contact information. This is harmless, but could cause confusion.

Python packages may want to declare sage as a dependency in their setup.py and requirements.txt - as this is the name of the Python package for the Sage library defined in SAGEROOT/src/setup.py.

https://pypi.org/project/sage/

Upstream: Reported upstream. No feedback yet.

CC: @jdemeyer @vbraun @dimpase @isuruf @embray

Component: distribution

Issue created by migration from https://trac.sagemath.org/ticket/28796

[dimpase]

comment:1

links on their other submissions to pypi lead to https://github.com/dhagrow

[embray]

comment:3

The package itself is also empty. It just contains a sage/__init__.py containing __version__ = '0.0.0'.

PEP 541 includes procedures and conditions for requesting an ownership transfer on PyPI.

[embray]

comment:4

Ticket retargeted after milestone closed

[dimpase]

comment:7

I've written to the author of "sage" here: dhagrow/profig#20

[dimpase]

Upstream: Reported upstream. No feedback yet.

[mkoeppe]

comment:9

Setting new milestone based on a cursory review of ticket status, priority, and last modification date.

[williamstein]

I'm now an owner of this sage repo. I was tired of people regularly doing "pip install sage" on cocalc, then breaking their use of the sage jupyter kernel as a result (this just kept happening). I haven't decided what to do next, but at least I have the ability to do something. Ideas?

Maybe we can make "pip install sage" fail with a nice error message?

[mkoeppe]

A nice clean error message would be good, with a link to the Sage installation guide.

[mkoeppe]

The source of this package could go into the directory pkgs/sage of the repo. I can create a PR for this if that seems a good solution to you.

[williamstein]

@mkoeppe what is your PyPi username? I can add you as a co-owner of this pypi package, and then you can take care of the rest (regarding actually pushing the new code that shows an error message).

[mkoeppe]

It's mkoeppe

[mkoeppe]

Thanks @williamstein . As a first step, I have yanked the 0.0.0 release. This gives:

$ pip install sage
ERROR: Ignored the following yanked versions: 0.0.0
ERROR: Could not find a version that satisfies the requirement sage (from versions: none)
ERROR: No matching distribution found for sage

and

$ pip install sage==0.0.0
Collecting sage==0.0.0
  Downloading sage-0.0.0.tar.gz (688 bytes)
  Preparing metadata (setup.py) ... done
WARNING: The candidate selected for download or install is a yanked version: 'sage' candidate (version 0.0.0 at https://files.pythonhosted.org/packages/2d/48/178b646ad89db328b6f32c570039b017ff0b0b9301faa90d020f555bed42/sage-0.0.0.tar.gz (from https://pypi.org/simple/sage/))
Reason for being yanked:  See https://doc.sagemath.org/html/en/installation/index.html for instructions how to install SageMath. (This is not the package that you are looking for.)
Building wheels for collected packages: sage
  Building wheel for sage (setup.py) ... done
  Created wheel for sage: filename=sage-0.0.0-py3-none-any.whl size=1077 sha256=fcb162602d474d62f79682fb13c2fc5c16a8b6d851e71e769c45511a135a20d1
  Stored in directory: /Users/mkoeppe/Library/Caches/pip/wheels/da/58/ae/29d477e323f011485fefed6e5c3954031f01e9d1681656a720
Successfully built sage
Installing collected packages: sage
Successfully installed sage-0.0.0

[williamstein]

Excellent -- for me this is enough to solve my problem, and is a great first step. Thanks!!