[Python-ideas] More "ensure*" packages

Fri Aug 14 17:57:53 CEST 2015

On 14Aug2015 0422, M.-A. Lemburg wrote:
> On 13.08.2015 19:06, Steve Dower wrote:
>> I'd like to propose expanding the list of 3rd-party packages we bundle and install by default.
>> (Obviously this does not apply to platforms that repackage Python and can do whatever they want, but
>> on Windows and Mac we are fully responsible for these.)
>>
>> Currently, we bundle pip (and some of its dependencies - let's avoid that particular discussion
>> right now please, it's on python-dev) and install it by default in a way that lets users easily
>> update to the latest version. Including pip in the standard library would lock users into a specific
>> version for the lifetime of that Python version, which would be a bad thing.
>>
>>  From my point-of-view, this has been very successful in Python 2.7, 3.4 and will also be successful
>> in 3.5. For Python 3.6, I'd like to do a similar thing with:
>>
>> * requests
>> * tkinter (including tcl/tk, IDLE, and other dependencies)
>
> requests is already installed as part of pip, along with a whole
> set of other packages (but not exposed at the top-level), so
> moving it to its own ensure package wouldn't really change much
> in terms of approach.
>
> The problem I see with requests is that they sometimes
> have glitches in their releases causing them not to be usable,
> so the version that gets "ensured" would need some extra testing
> by whoever manages the list of packages.

I'm interested in this. What sort of glitches are we talking about here? 
Are they not caught by the requests team's tests? Why would someone else 
be able to test it better than them?

I'd certainly be okay with locking in the version at rc1 time to give 
people a chance for wider testing. I'd be very nervous about updating 
any bundled package on the day that the final release is built.

> Also notes that the pre-packaged
> version in pip is not managed by the package manager (because
> it doesn't see it), so you will sooner or later end up with multiple
> requests package copies in your site-packages.

pip has decided to vendor requests to avoid issues like this. It's 
unfortunate, but it is the best way to ensure that you can update 
requests securely even if you get a broken version.

> Not sure about tkinter. Requiring newbies to run an ensure script
> to be able to run IDLE doesn't sound like a good idea.
>

Maybe I misunderstand how the ensure scripts work on other platforms? On 
Windows (and in the makefile), the installation runs it for them. Only 
people who edit the makefile and build from source would have to run it 
manually, and I'm fairly sure you don't get to claim to be a newbie at 
that point :)

Of course, if distros disable the ensure scripts, it's on them to make 
sure their users have access to the packages they need. Distros can 
already remove Idle/tkinter if they want to.

Cheers,
Steve