If you try to AutoInstall hiredis 2.0.0, autoinstall.Package.archives will find two packages: (Pdb) pp self.archives() [hiredis-2.0.0, hiredis-2.0.0] (Pdb) pp self.archives()[0].link 'https://files.pythonhosted.org/packages/0c/39/eae11344d69ba435ec13d6bcc1a9eea3d2278324506fcd0e52d1ed8958c8/hiredis-2.0.0.tar.gz' (Pdb) pp self.archives()[1].link 'https://files.pythonhosted.org/packages/24/4d/404526ef79b397900aee60f83e0c7f3d8d4740758b29f086db3d2d1f2409/hiredis-2.0.0.dev0.tar.gz' Given we're meant to be doing exact matching, the latter shouldn't match. Surprisingly, we seem to install the self.archives()[-1], which given the ordering of pypi.org will give us the oldest release we found (so 2.0.0.dev0 in this case). Undoubtedly some of our problem here comes from the fact that Version doesn't accurately implement https://peps.python.org/pep-0440/; to repeat my mantra from elsewhere, "it sure would be nice if we could just rely on packaging" and in this case just use packaging.version.Version.
We also seem to be installing mock==4.0.0b1 today.
Also in packages we currently install, Twisted==21.2.0rc1
<rdar://problem/115233592>