Does a python2-matplotlib exist anywhere for Leap 15.4?
All,

I have a need for python2 matplotlib. Does it exist anywhere? I can't find it on software.opensuse.org (I can for SLE). While I have it for python3, I have several old (long) python2 scripts I'd rather not have to update, but would like to compare output from.

-- David C. Rankin, J.D.,P.E.

Hello,

In the Message;

Subject : Does a python2-matplotlib exist anywhere for Leap 15.4?
Message-ID : <818f18c9-4def-482c-8002-f7d532179151@suddenlinkmail.com>
Date & Time: Wed, 6 Sep 2023 01:45:31 -0500

[DCR] == "David C. Rankin" <drankinatty@suddenlinkmail.com> has written:

DCR> All,
DCR> I have a need for python2 matplotlib. Does it exist anywhere?
DCR> I can't find it on software.opensuse.org (I can for SLE). While
DCR> I have it for python3, I have several old (long) python2 scripts
DCR> I'd rather not have to update, but would like to compare output
DCR> from.

I know this is for Leap 15.3, but I thought this might work. It could also be used for Tumbleweed.

https://www.rpmfind.net/linux/RPM/opensuse/15.3/x86_64/python2-matplotlib-2....

Regards.

---
┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛

" Hassabis says that no one really knows for sure that AI will become a major danger. But he is certain that if progress continues at its current pace, there isn’t much time to develop safeguards. "I can see the kinds of things we're building into the Gemini series right, and we have no reason to believe that they won't work," he says."
-- "Google DeepMind's CEO Says Its Next Algorithm Will Eclipse ChatGPT" --
On 9/6/23 02:09, Masaru Nomiya wrote:
I know this is for Leap 15.3, but I thought this might work. It could also be used for Tumbleweed. https://www.rpmfind.net/linux/RPM/opensuse/15.3/x86_64/python2-matplotlib-2....
Thank you, I'll give it a go. -- David C. Rankin, J.D.,P.E.
On 9/6/23 03:09, David C. Rankin wrote:
On 9/6/23 02:09, Masaru Nomiya wrote:
I know this is for Leap 15.3, but I thought this might work. It could also be used for Tumbleweed. https://www.rpmfind.net/linux/RPM/opensuse/15.3/x86_64/python2-matplotlib-2....
Thank you, I'll give it a go.
Grrr... Fell into dependency-hell:

Selecting 'python-backports.functools_lru_cache-1.2.1-1.37.noarch' from repository 'Plain RPM files cache' for installation.
Selecting 'python2-matplotlib-2.2.5-bp153.1.21.x86_64' from repository 'Plain RPM files cache' for installation.
Resolving package dependencies...
Force resolution: No

2 Problems:
Problem: nothing provides 'python-backports' needed by the to be installed python-backports.functools_lru_cache-1.2.1-1.37.noarch
Problem: nothing provides 'python2-functools32' needed by the to be installed python2-matplotlib-2.2.5-bp153.1.21.x86_64

Problem: nothing provides 'python-backports' needed by the to be installed python-backports.functools_lru_cache-1.2.1-1.37.noarch
 Solution 1: do not install python-backports.functools_lru_cache-1.2.1-1.37.noarch
 Solution 2: break python-backports.functools_lru_cache-1.2.1-1.37.noarch by ignoring some of its dependencies

Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c/d/?] (c): c

I'll just use the Pi for that....

-- David C. Rankin, J.D.,P.E.
use pip (from Python2) to install matplotlib
On 6 Sep 2023, at 09:45, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
All,
I have a need for python2 matplotlib. Does it exist anywhere? I can't find it on software.opensuse.org (I can for SLE). While I have it for python3, I have several old (long) python2 scripts I'd rather not have to update, but would like to compare output from.
-- David C. Rankin, J.D.,P.E.
On 9/6/23 03:39, Andrei Verovski wrote:
use pip (from Python2) to install matplotlib
That's an idea, but I'm generally opposed to using any magic installer from python, etc.. that could pull in compromised packages. Things are getting better, but software supply-chain vulnerabilities have been big issues this past year. Zypper and RPM have been good (as well as the other package managers, apt, dpkg, pacman, etc..)

I don't know enough about pip to know if I can trust it or not. (though I recall a pypi repo being compromised not too long ago)

-- David C. Rankin, J.D.,P.E.
Hi, For Python pip is a primary repository installer, not RPM/DEB.
On 10 Sep 2023, at 11:52, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
On 9/6/23 03:39, Andrei Verovski wrote:
use pip (from Python2) to install matplotlib
That's an idea, but I'm generally opposed to using any magic installer from python, etc.. that could pull in compromised packages. Things are getting better, but software supply-chain vulnerabilities have been big issues this past year. Zypper and RPM have been good (as well as the other package managers, apt, dpkg, pacman, etc..)
I don't know enough about pip to know if I can trust it or not. (though I recall a pypi repo being compromised not too long ago)
-- David C. Rankin, J.D.,P.E.
On 9/11/23 07:42, Andrei Verovski wrote:
Hi, For Python pip is a primary repository installer, not RPM/DEB.
Yep,

Therein lies the problem. pip can pull in any repo it thinks it needs from anywhere. That has been an attack vector used to great effect within the past year, e.g.

PyTorch ML framework compromised in supply chain attack
https://www.techrepublic.com/article/pytorch-ml-compromised/

Actors behind PyPI supply chain attack have been active ...
https://arstechnica.com/information-technology/2022/09/actors-behind-pypi-su...

Supply Chain Attack Detected in PyPI Library - Bitdefender
https://www.bitdefender.com/blog/hotforsecurity/supply-chain-attack-detected...

... and so on. That's one reason I really do not like python. There is nothing but loose "trust me I'm a dev, go ahead 'import myfoo'" that governs what code is pulled in by any python project.

While we would all like to believe that all python devs are meticulous in validating the security aspect of the code they pull in to accomplish task 'X', we know in the real-world it's usually a quick web-search for what does 'X', a hasty download and an addition of 'import libForX' to their project to check if 'X' works and that's about it.

(now don't get me wrong, matplotlib is likely in a much better position than any old run-of-the-mill package to have checks on where each package it relies on is pulled from and it is more than likely 100% fine to pull it in with pip)

Like I said, since these problems have come to light, more scrutiny is being placed on the pip-PyPi setup -- but there is only so much manpower available. It seems to be more in the "whack-a-mole" state than a fully-hardened secure state.

-- David C. Rankin, J.D.,P.E.

I'm in full agreement about this. Also, using OBS for this allows you to track updates and whatnot in a fashion consistent with the rest of SUSE. As a developer, I have issues with PIP as a package manager. Its dependency resolving is not consistent and often incorrect. Demonstrably.

On Tue, Sep 12, 2023 at 5:57 AM David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
On 9/11/23 07:42, Andrei Verovski wrote:
Hi, For Python pip is a primary repository installer, not RPM/DEB.
Yep,
Therein lies the problem. pip can pull in any repo it thinks it needs from anywhere. That has been an attack vector used to great effect within the past year, e.g.
PyTorch ML framework compromised in supply chain attack https://www.techrepublic.com/article/pytorch-ml-compromised/
Actors behind PyPI supply chain attack have been active ...
https://arstechnica.com/information-technology/2022/09/actors-behind-pypi-su...
Supply Chain Attack Detected in PyPI Library - Bitdefender
https://www.bitdefender.com/blog/hotforsecurity/supply-chain-attack-detected...
... and so on. That's one reason I really do not like python. There is nothing but loose "trust me I'm a dev, go ahead 'import myfoo'" that governs what code is pulled in by any python project.
While we would all like to believe that all python devs are meticulous in validating the security aspect of the code they pull in to accomplish task 'X', we know in the real-world it's usually a quick web-search for what does 'X', a hasty download and an addition of 'import libForX' to their project to check if 'X' works and that's about it.
(now don't get me wrong, matplotlib is likely in a much better position than any old run-of-the-mill package to have checks on where each package it relies on is pulled from and it is more than likely 100% fine to pull it in with pip)
Like I said, since these problems have come to light, more scrutiny is being placed on the pip-PyPi setup -- but there is only so much manpower available. It seems to be more in the "whack-a-mole" state than a fully-hardened secure state.
-- David C. Rankin, J.D.,P.E.
-- Roger Oberholtzer
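The concern raised in this thread, that pip may fetch whatever a package's dependency chain asks for, is what pip's hash-checking mode (`pip install --require-hashes -r requirements.txt`) is meant to constrain: every requirement must be pinned with `==` and carry a `--hash`, dependencies included. The following is an added example, not code from any poster in the thread, that reproduces that check offline; the artifact bytes, file names and version pins are constructed samples.

```python
import hashlib
import re

# Constructed stand-ins for downloaded artifacts (not real package contents).
ARTIFACTS = {
    "matplotlib-2.2.5.tar.gz": b"constructed sample bytes: matplotlib sdist",
    "numpy-1.16.6.zip": b"constructed sample bytes: numpy sdist",
    "six-1.16.0.tar.gz": b"constructed sample bytes: six sdist",
    "functools32-3.2.3.tar.gz": b"constructed sample bytes: transitive dep",
}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

# Constructed requirements file in pip's hash-checking format:
# one good pin, one stale hash, one unpinned entry, one dependency missing.
REQUIREMENTS = """\
matplotlib==2.2.5 --hash=sha256:{good}
numpy==1.16.6 --hash=sha256:{stale}
six>=1.10
""".format(good=sha256_hex(ARTIFACTS["matplotlib-2.2.5.tar.gz"]), stale="0" * 64)

LINE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?P<spec>[<>=!~]=?\S*)?(?P<rest>.*)$")
HASH = re.compile(r"--hash=sha256:([0-9a-f]{64})")

def parse_requirements(text):
    """Return {name: (exact_version_or_None, set_of_allowed_sha256)}."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks, comments, options
            continue
        m = LINE.match(line)
        spec = m.group("spec") or ""
        version = spec[2:] if spec.startswith("==") else None
        reqs[m.group("name").lower()] = (version, set(HASH.findall(m.group("rest"))))
    return reqs

def verdict(reqs, filename, data):
    name = filename.split("-", 1)[0].lower()
    if name not in reqs:
        return "unlisted"   # a dependency nobody reviewed or pinned
    version, hashes = reqs[name]
    if version is None:
        return "unpinned"   # a version range lets the index choose the release
    if not hashes:
        return "no-hash"
    return "ok" if sha256_hex(data) in hashes else "mismatch"

def audit(reqs, artifacts):
    return {f: verdict(reqs, f, d) for f, d in artifacts.items()}
```

Only the `ok` verdict would be installed under hash-checking mode; the `unlisted` case is the transitive dependency that an ordinary `pip install` would have fetched without review.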
participants (4)
- Andrei Verovski
- David C. Rankin
- Masaru Nomiya
- Roger Oberholtzer