Python package available only on PyPI, with outdated GitHub repo

I have a dilemma I’d like to share, regarding the credibility and trustworthiness of an upstream development group:

3 Python packages by this organization:

Are available on PyPI:

But the versions on PyPI lag behind the tags in GitHub, and the latest commits on GitHub are also lagging behind the latest PyPI releases - meaning they are not pushing anything to the GH repository. I went even further and asked them about this here:

And they ignored it. Not only that, I asked 2 questions on 2 different topics, and they replied to me after ~a month. All of this behavior feels very fishy, and I wonder what people would say in defense or offense of these developers.

I’m slightly interested in the functionality of this software, but I can live without it.

They claim that the code is licensed under (L)GPL v3, there is nothing to their defense…

One could argue that Python packages are just tarballed source code, but it still feels itchy…

1 Like

For comet_maths it seems that the current code is on the branch “v1.0.2” rather than main: fix interpolation extrapolation when interpolating to single x value. · comet-toolkit/comet_maths@770a46a · GitHub

Same for punpy (well it’s still 1 version behind): GitHub - comet-toolkit/punpy at develop

While not ideal, I can understand that a single developer would not care too much about this (especially in fields which are not primarily programming oriented). In the end what gets used in practice are the versions on PyPI, not GitHub.

I think we also have to be careful when pushing Nix problems onto projects; it’s perfectly fine for Python packages to have circular dependencies, even if not best practice: Decouple circular depencies between all comet-toolkit projects · Issue #17 · comet-toolkit/punpy · GitHub

2 Likes