Setuptools: Specifying two version constraints without a space / comma does not fail

Unfortunately this is not a bug, 1.0.0<2.0.0 is a valid, albeit "legacy" version:

>>> from packaging.requirements import Requirement
>>> req = Requirement('requests>=1.0.0<2.0.0')
>>> list(req.specifier)
[<LegacySpecifier('>=1.0.0<2.0.0')>]
>>> req.specifier.contains('2.21.0')
True

See here: https://github.com/pypa/packaging/blob/master/packaging/specifiers.py#L207-L219

Yeah, I agree with @di here. I think the best we could do is raise a warning that a given specifier is not PEP 440 compliant, but that has two problems:

1. The build process is generally so spammy (and essentially never done in an interactive environment) that I'm pretty sure warnings during builds are not commonly spotted, so this is not a particularly useful communications channel.
2. If some project is using one of these non-PEP440 compliant versions, their users are not the right person to be warning since those users likely can do nothing about it, and would just have to ignore the warning.

Perhaps a warning or error would be appropriate in pip if the requirement specified contains non-PEP440 version identifiers but the project only has published PEP 440-compliant versions? setuptools doesn't have enough information to detect that, but pip might, and that's more likely than not to be a legitimate error.

Perhaps it's time to just deprecate "legacy" versions? PEP 440 was created just over 6 years ago.