[Catalog-sig] PEP 345 Update
Tres Seaver
tseaver at palladion.com
Fri Aug 27 23:08:08 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
P.J. Eby wrote:
> At 02:47 PM 8/26/2010 +0200, Alexis Métaireau wrote:
>> Right, the installation *will not* cause problems, but they will
>> apear after that. If so, we have two choices:
>> - First is to tell nothing to the user about that, and I think
>> that's a good option, as it could result in a end user bad
>> experience (if that's not handled at the installation level, what
>> will handle this?)
>> - Second is to prompt the user about what he want to do: Do we have
>> to install the release/distribution, even if it can cause problems
>> while running them? Are you sure you want to install both, even if
>> it could lead to such issues ?, etc.
>
> Informing the user about the conflict isn't a bad idea... but then
> again, it sounds like something that would normally be covered in a
> project's README.
>
> Notice here the difference between the Python environment and a Linux
> distribution: the distribution is not merely *installing* software,
> it is also *deploying* it in some sense -- such software is
> preconfigured as well as installed, and integrated with the system as a whole.
>
> However, that same software as released by its author is not so
> integrated and preconfigured, and thus, these conflict issues cannot
> necessarily even be *known* in advance by the author.
>
> IMO, then, the very ideas of Obsoletes and Conflicts are broken in
> the software *distribution* context, vs. the software "integration"
> or "deployment" context. System packagers can make these kind of
> evaluations in the context of their supported integration.
>
> However, with the exception of informing people about an obsoleted
> package of theirs, these are not judgments that can be made so
> unequivocally by the individual author of a piece of software, as
> they have no overview of the integrated whole (as a system
> integrator/distributor does).
>
>
>
>>> In other words, none of the above is actually a use-case for having
>>> a "Conflicts" field.
>> I have pain to imagine use cases where conflicts could raise at the
>> *installation* level too, but the question seems to be: "do we need
>> something to describe installation-related conflicts, or run-related
>> conflicts ? In debian apt system, conflicts are described for
>> "on-run" issues, IIRC.
>
> ...and they're described relative to a specific runtime environment,
> which won't really be the case for the individual Python package author.
>
>
>>> Here's the thing: so far I'm the ONLY person in the discussion who
>>> has even offered an example of when Obsoletes would be used... and
>>> for the two examples I gave, I would totally be willing to make a
>>> new release for them to include that field, if there was some
>>> benefit (e.g. user notification) to having the field.
>> And that's the use case described in the PEP. So, now, we have to
>> choose if it's acceptable to make a new release for updating this
>> field, or not.
>
> I was just pointing out that so far, 100% of the people who have
> given use cases for Obsoletes are fine with having to issue a new
> release to make it Obsoleted-By. ;-)
>
> (However, PyPI already allows metadata field editing of an
> already-released package, so as long as the new field were added to
> the existing editable fields, that'd be fine too.)
>
>
>
>>> (Note that forked packages using the same API only conflict because
>>> of *installing conflicting files* -- so if you're thinking of a
>>> fork as your example here, it is leading you to confuse the ideas
>>> of Obsoletes and Conflicts.)
>> I was not thinking about a fork, but about a new rename. That said,
>> I must admit that the difference between the two fields is sometimes
>> hard to see.
>
> At this point, the only reasonable use of either is to inform the
> user about something, and in the case of Obsoletes, it's not
> necessarily even the user who's doing the installing! If somebody
> installs Foo that depends on RuleDispatch, they are not necessarily
> in a position to port Foo to using PEAK-Rules. So, only in the case
> where you are declaring a direct dependency from your package to the
> obsoleted package, or where you are directly installing the obsoleted
> package, do you even need to know anything about it.
>
> In the case of conflicts, conflicts presuppose a specific runtime
> environment if the conflict is runtime environment related, and
> again, at best all that can be done is to inform the user.
>
> If the conflict is runtime-process related (e.g. two libraries
> registering the same Python hook), then only a project that declares
> dependencies to both is affected, and only that project's authors
> need to be informed.
>
> Given these conditions, it isn't clear that any of these three cases
> (obsoletes, environment conflict, in-process conflict) constitute
> something that an installation tool should be informing an end-user
> about, vs. the developer or integrator who's declaring the
> dependencies in the first place.
>
> For example, it might make sense for developer-side tools like
> setuptools and buildout to check that one's declared dependencies
> don't have conflicts before pushing out an sdist or bdist or doing an
> install, and to warn for any obsoleted dependencies. In contrast, an
> end-user tool like pip or easy_install would have little reason to
> check any of this, as their user isn't really affected by anything
> but environment-level conflicts that are unlikely to arise as an
> immediate result of installing the software.
>
>
>
>> +1. This series of mails point out that we definitely need to talk a
>> bit more about the usability of the fields.
>> Maybe are we missing something here, and maybe arent we talking
>> about the same type of conflicts. In any case, we need to clarify
>> all this *before* doing the implementation stuff.
>
> I think that the main thing being missed is that these fields are
> being copied from a completely different kind of use case: the
> concept of a "package" as a bundle of preconfigured software that is
> also pre-integrated with a uniform operating environment. In that
> context, it is the curators of that overall environment who are in a
> position to make judgments regarding what is a "conflict", or what
> packages will "obsolete" each other in the context of that environment.
>
> Lacking such an overall curator organization in the PyPI environment
> (and not desiring one, anyway, since PyPI is inherently a software
> distribution *catalog* rather than a platform of its own), these
> fields make very little sense. They are perhaps most useful as a
> centralized way to pass along notifications to developers (or to
> curator/integrators of system packages), but have little or no impact
> on the software installation process itself.
>
> I also suspect that if you ask those curator/integrators of system
> packages, that they will say that the information in these fields
> would be of little value to them in any case, as it's unlikely that
> the author will *know* about the kinds of conflicts they'd be
> concerned about in their packaging process. But it would certainly
> be worth asking them.
>
> More to the point though... I wonder whose idea it was to have these
> fields in the first place? Neither PEP 314 nor PEP 345 don't really
> say, "Oh, such and such people asked for these fields for thus-and-so
> use cases", and in the absence of such requestors and use cases, it
> would probably be best just to drop them entirely. (Unless of course
> Fred offers a description of what his actual use case for Conflicts
> is/was, and it doesn't fall into one of the categories previously discussed.)
FWIW, I helped add those fields to PEP 345, in the context of making the
switch from "module / package"-centric values to distribution-centric
ones. The requirements came out of a sprint at PyCon 2009, with input
from both the Debian / Ubuntu Python packager (Matthias Klose) and one
of the Fedora packagers (Toshio Kuratomi).
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkx4KTQACgkQ+gerLs4ltQ7AFwCgycG3CP9sDjKMfOljCS69c72r
ayAAn1rr/aeWVrhQdUjMbuWyAi7efgez
=SfA+
-----END PGP SIGNATURE-----
More information about the Catalog-SIG
mailing list