Missing release tags

[ieure]

Hello,

I created the jellyfin-mpv-shim package for Guix, and was looking at updating it, since I see there's a new release. It looks like there were some metadata changes made after the 2.7.0 release was cut, which has caused some misalignment between the various pieces. PyPI has 2.7.0, 2.7.0.post1, and 2.7.0.post2 releases, while GitHub only has 2.7.0; and the .appdata.xml declares the two "post" releases to be 2.7.0 instead of the version in setup.py.

This caused some initial confusion, as I wasn't sure if the PyPI releases were legitimate, since I didn't see them reflected in the source repo.

I don't think there's much that can be done about this now, since tagging the two "post" releases would produce a weird-looking release in GH, and they'd still have the setup.py vs .appdata.xml version misalignment.

WDYT of cutting 2.7.1 just to get everything aligned again?

Thank you for the project, I use it almost every day.

[iwalton3]

The post releases are benign and simply fix Flatpak builds failures. For all other intents and purposes they are equivalent.

[ieure]

I understand, I grabbed all three releases tarballs and diffed them to see what was going on. After the xz debacle, it was somewhat alarming to see a release in PyPI that wasn't in the source repo, so I double-checked to make sure nothing nefarious was going on. While there's no functional code change, packaging metadata is IMO also an important part of a project.

Since this is a stable project with a naturally slower release cycle, it seems like it'll be a while until the next release, and others are likely to get confused by this situation in the meantime. A 2.7.1 release would prevent that.

I understand this is a mostly one-person hobby project, so I completely get that you'd want to spend your time elsewhere. No worries if you don't want to cut a release over this -- feel free to close the issue if that's the case -- but I thought it was a good idea worth asking after.

Thank you for the prompt response.