Reject invalid classifiers, warn on license classifiers#18419
Reject invalid classifiers, warn on license classifiers#18419
Conversation
Signed-off-by: William Woodruff <william@astral.sh>
| // A classifier has two or more non-empty parts separated by ` :: `. | ||
| let mut parts = s.split(" :: "); | ||
| let valid = parts.next().is_some_and(|p| !p.is_empty()) | ||
| && parts.next().is_some_and(|p| !p.is_empty()) | ||
| && parts.all(|p| !p.is_empty()); |
There was a problem hiding this comment.
Flagging: I wrote it this way because I'm allergic to intermediate allocations, and the most "obvious" form would involve one (via Vec<&str>). Happy to change though if this seems like a silly micro-optimization 🙂
Signed-off-by: William Woodruff <william@astral.sh>
Signed-off-by: William Woodruff <william@astral.sh>
|
There's some risk we break Code looks good otherwise. |
I could probably do a batch scan of PyPI, although I think PyPI has also validated classifiers on upload for a very long time so I wouldn't expect anything in the last 7+ years to have an invalid classifier in its metadata. Still, I agree it's a risk. Do you think it makes sense to start with a warning here instead and then ratchet down in the next breaking release? |
That's perfect then! |
2 participants
Summary
This makes two changes to our handling of trove classifiers in uv's build backend:
Classifiernewtype that parses and rejects anything that looks wrong (there's no formal grammar for classifiers, so this is a pretty primitive check, but it should be enough to preempt most common user errors). We don't use an allowlist at the moment, although in principle we could do that as well/instead.PyProjectToml::license_metadatasince in the future we'll also want to produce a hard error when license classifiers are present and new-style structured license metadata is also present. That change will require a breaking release however.Closes #16354.
Test Plan
I've added some new unit tests for this, plus an integration test for the user warning.