[Distutils] Comments on PEP 426

Antoine Pitrou antoine at python.org
Tue Aug 20 15:25:07 CEST 2013 

Hello,

Some comments about PEP 426:

> The information defined in this PEP is serialised to pydist.json files for
some > use cases. These are files containing UTF-8 encoded JSON metadata.

Perhaps add that on-disk pydist.json files may/should be generated in printed
form with sorted keys, to ease direct inspection by users and developers?

> Source labels MUST be unique within each project and MUST NOT match any
> defined version for the project.

Is there a motivation for the "not matching any defined version"?
AFAICT it makes it necessary to have two different representation
schemes, e.g. "X.Y.Z" for source labels and "vX.Y.Z" for versions.

> For source archive references, an expected hash value may be specified by
> including a ``<hash-algorithm>=<expected-hash>`` entry as part of the URL
> fragment.

Why only source archive references (and not e.g. binary)?

>    "project_urls": {
>      "Documentation": "https://distlib.readthedocs.org"
>      "Home": "https://bitbucket.org/pypa/distlib"
>      "Repository": "https://bitbucket.org/pypa/distlib/src"
>      "Tracker": "https://bitbucket.org/pypa/distlib/issues"
>    }

This example lacks commas.

> An abbreviation of "metadistribution requires". This is a list of
> subdistributions that can easily be installed and used together by
> depending on this metadistribution.

I don't understand what it means :-) Care to explain and/or clarify
the purpose?

(for me, "meta-requires" sounds like something that setup.py depends
on for its own operation, but that the installed software doesn't need)

(edit: I now see this is clarified in Appendix C. The section ordering 
in the PEP makes it look like "meta_requires" are the primary type of
requires, though, while according to that appendix they're a rather
exotic use case. Would be nice to spell that out *before* the appendices :-)).

> * MAY allow direct references

What is a direct reference?

> Automated tools MUST NOT allow strict version matching clauses or direct
> references in this field - if permitted at all, such clauses should appear
> in ``meta_requires`` instead.

Why so?

[test requires]
> Public index servers SHOULD NOT allow strict version matching clauses or
> direct references in this field.

Again, why? Is it important for public index servers that test
dependencies be not pinned?

> Note that while these are build dependencies for the distribution being
> built, the installation is a *deployment* scenario for the dependencies.

But there are no deployment requires, right? :)
(or is what "meta requires" are for?)

> For example, multiple projects might supply
> PostgreSQL bindings for use with SQL Alchemy: each project might declare
> that it provides ``sqlalchemy-postgresql-bindings``, allowing other
> projects to depend only on having at least one of them installed.

But the automated installer wouldn't be able to suggest the various
packages providing ``sqlalchemy-postgresql-bindings`` if none is
installed, which should IMO discourage such a scheme.

> To handle this case in a way that doesn't allow for name hijacking, the
> authors of the distribution that first defines the virtual dependency
> should
> create a project on the public index server with the corresponding name, 
> and
> depend on the specific distribution that should be used if no other
> provider
> is already installed. This also has the benefit of publishing the default
> provider in a way that automated tools will understand.

But then the alternatives needn't provide the "virtual dependency".
They can just provide the "default provider", which saves the time and
hassle of defining a well-known virtual dependency for all similar
projects.

> A string that indicates that this project is no longer being developed.  
> The
> named project provides a substitute or replacement.

How about a project that is no longer being developed but has no
direct substitution? :)
Can it use an empty string (or null / None perhaps?)

> Examples indicating supported operating systems::
> 
>    # Windows only
>    "supports_environments": ["sys_platform == 'win32'"]

Hmm, which syntax is it exactly? In a previous section, you used
the following example:

>        "environment": "sys.platform == 'win32'"

(note dot vs. underscore)

>     "modules": ["chair", "chair.cushions", (...)]

The example is a bit intriguing. Is it expected that both "chair" and 
"chair.cushions" be specified there, or is "chair" sufficient?

> When installing from an sdist, source archive or VCS checkout, 
> installation
> tools SHOULD create a binary archive using ``setup.py bdist_wheel`` and
> then install binary archive normally (including invocation of any install
> hooks). Installation tools SHOULD NOT invoke ``setup.py install``
> directly.

Interesting. Is "setup.py install" meant to die, or will it be redefined
as "bdist_wheel + install_wheel"?
(also, why is this mentioned in the postinstall hooks section, or
even in a metadata-related PEP?)

> Installation tools SHOULD treat an exception thrown by a preuninstall
> hook as an indication the removal of the distribution should be aborted.

I hope a "--force" option will be provided by such tools. Failure to
uninstall because of buggy uninstall tools is a frustrating experience.

> Extras are additional dependencies that enable an optional aspect
> of the distribution

I am confused. To me, extras look like additional provides, not
additional dependencies. I.e. in:

    "requires": ["ComfyChair[warmup]"]
        -> requires ``ComfyChair`` and ``SoftCushions``

"warmup" is an additional provide of ComfyChair, and it depends on
SoftCushions.

>    "requires": ["ComfyChair[*]"]
>        -> requires ``ComfyChair`` and ``SoftCushions``, but will also
>           pick up any new extras defined in later versions

This one confuses me (again :-)). What does "pick up" mean? Accept?
Require?

>    pip install ComfyChair[-,:*:,*]
>        -> installs the full set of development dependencies, but avoids
>           installing ComfyChair itself

Are all these possibilities ("-", ":*:", "*") useful in real life?

> Environment markers
> ===================

In this section, there still are inconsistencies in the format examples
("sys.platform" vs. "sys_platform").

> * ``platform_python_implementation``: ``platform.python_implementation()``
> * ``implementation_name````: ``sys.implementation.name``

Why two different ways to spell nearly the same thing:

>>> platform.python_implementation()
'CPython'
>>> sys.implementation.name
'cpython'

(also, look at how platform.python_implementation() is implemented :-))

Also, do the ordering operators ("<=", ">=", etc.) operate logically or
lexicographically on version values?

> Build labels
> ------------
> 
> See PEP 440 for the rationale behind the addition of this field.

I can't see anything named "Build label" in PEP 426. Did you mean "source
label"?

> This version of the metadata specification continues to use ``setup.py``
> and the distutils command syntax to invoke build and test related
> operations on a source archive or VCS checkout.

I don't really understand how Metadata 2.0 is dependent on the distutils
command scheme. Can you elaborate?

Regards

Antoine.

More information about the Distutils-SIG mailing list