Closed
Description
Hi,
I think @ArchangeGabriel already came up with this bug:
Traceback (most recent call last):
File "setup.py", line 3, in <module>
setup(
File "/usr/lib/python3.8/site-packages/setuptools/__init__.py", line 145, in setup
return distutils.core.setup(**attrs)
File "/usr/lib/python3.8/distutils/core.py", line 108, in setup
_setup_distribution = dist = klass(attrs)
File "/usr/lib/python3.8/site-packages/setuptools/dist.py", line 446, in __init__
_Distribution.__init__(self, {
File "/usr/lib/python3.8/distutils/dist.py", line 292, in __init__
self.finalize_options()
File "/usr/lib/python3.8/site-packages/setuptools/dist.py", line 735, in finalize_options
ep.load()(self, ep.name, value)
File "/build/whipper/src/whipper-0.9.0/.eggs/setuptools_scm-3.3.3-py3.8.egg/setuptools_scm/integration.py", line 17, in version_keyword
dist.metadata.version = get_version(**value)
File "/build/whipper/src/whipper-0.9.0/.eggs/setuptools_scm-3.3.3-py3.8.egg/setuptools_scm/__init__.py", line 150, in get_version
parsed_version = _do_parse(config)
File "/build/whipper/src/whipper-0.9.0/.eggs/setuptools_scm-3.3.3-py3.8.egg/setuptools_scm/__init__.py", line 105, in _do_parse
raise LookupError(
LookupError: setuptools-scm was unable to detect version for '/build/whipper/src/whipper-0.9.0'.
This can be fixed via cloning whipper from repository, I know.
But I would like to address this problem in this issue, because...
- It makes your tarball basically useless
- It undermines security, as a sha512 checksum for a tarball is much stronger than the usual used git hashes for commit or tags. (despite this, I still think you should sign your releases with a GPG key :) )