eggs considered harmful

Fuzzyman fuzzyman at gmail.com
Mon Jun 25 16:41:12 EDT 2007


On Jun 21, 1:10 pm, Harry George <harry.g.geo... at boeing.com> wrote:
> ...at least around here.
>
> I run a corporate Open Source Software Toolkit, which makes hundreds
> of libraries and apps available to thousands of technical employees.
> The rules are that a) a very few authorized downloaders obtain
> tarballs and put them in a depot and b) other users get tarballs from
> the depot and build from source.
>
> Historically, python packages played well in this context.  Install
> was a simple download, untar, setup.py build/install.
>
> Eggs and other setuptools-inspired install processes break this
> paradigm.  The tarballs are incomplete in the first place.  The builds
> sometimes wander off to the internet looking for more downloads.  The
> installs sometimes wander off to the internet looking for
> compatibility conditions.  (Or rather they try to do so and fail
> because I don't let them through the firewall.)


I understand your situation and I have some misgivings myself. It
reminds me of the time when I worked in a 'corporate environment' and
I was trying to install a Perl application to get round the internet
blocking.

The application (localproxy - very good) was *intended* to be
installed via CPAN for tracking requirements - which didn't work
behind our proxy firewall. Although the project author (a very
technical guy) knew the direct dependencies, some of these had
dependencies. He *didn't know* the full dependency set for his
project.

Eventually, through trial and error (and a lot of help from the
author) I was able to get it working. But it was painful.

My guess is that a lot of the world's computers are behind firewalls
or proxies that preclude automatic dependency resolution.

*However*, there is a very good reason why setuptools and eggs are
gaining in popularity (and will continue to do so). For the majority
of users eggs are just *so damned convenient*. Being able to do
``easy_install some_project`` and have it just work is fantastic.

There are probably ways round this. For most non-esoteric eggs it
should be possible to create an ordinary installation tarball from an
egg. If you do easy_install of a project into a bare Python
installation (a VM instance for example) then you should be able to
see which dependencies are fetched.

If this is too much then I fear that you may be SOL...

Fuzzyman
http://www.voidspace.org.uk/ironpython/index.shtml
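
An added example, not part of the original post: one way to record what an ``easy_install`` run in a bare environment fetched, so each file can be vetted and placed in a depot. It assumes the console output uses the ``Searching for``, ``Best match:`` and ``Downloading`` lines; the sample log, project names, hosts and depot contents are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample of easy_install console output (hypothetical names and hosts).
SAMPLE_LOG = """\
Searching for some_project
Reading http://index.example.invalid/simple/some_project/
Best match: some-project 1.2
Downloading http://index.example.invalid/packages/some_project-1.2.tar.gz
Processing some_project-1.2.tar.gz
Installed /opt/py/site-packages/some_project-1.2-py2.5.egg
Processing dependencies for some-project
Searching for libfoo>=0.3
Reading http://index.example.invalid/simple/libfoo/
Best match: libfoo 0.4
Downloading http://mirror.example.invalid/dl/libfoo-0.4.zip
Processing libfoo-0.4.zip
Installed /opt/py/site-packages/libfoo-0.4-py2.5.egg
Finished processing dependencies for some-project
"""

# Assumption: these three prefixes mark requirement, resolution and fetch.
LINE = re.compile(r"^(Searching for|Best match:|Downloading)\s+(.+)$")

def fetched_artifacts(log_text):
    """Return one record per download: requirement, resolved version, URL, host, file."""
    records, requirement, resolved = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "Searching for":
            requirement, resolved = value, None   # a new requirement starts here
        elif kind == "Best match:":
            resolved = value
        else:  # "Downloading": a file actually crossed the network boundary
            url = urlparse(value)
            records.append({"requirement": requirement, "resolved": resolved,
                            "url": value, "host": url.hostname,
                            "filename": url.path.rsplit("/", 1)[-1]})
    return records

def missing_from_depot(records, depot_files):
    """File names the install pulled from the network that the depot does not hold."""
    return sorted({r["filename"] for r in records} - set(depot_files))
```

The ``host`` field shows when a transitive dependency came from somewhere other than the index that served the top-level project, which is worth reviewing before the file is admitted to the depot.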
