eggs considered harmful
Fuzzyman
fuzzyman at gmail.com
Mon Jun 25 16:41:12 EDT 2007
On Jun 21, 1:10 pm, Harry George <harry.g.geo... at boeing.com> wrote:
> ...at least around here.
>
> I run a corporate Open Source Software Toolkit, which makes hundreds
> of libraries and apps available to thousands of technical employees.
> The rules are that a) a very few authorized downloaders obtain
> tarballs and put them in a depot and b) other users get tarballs from
> the depot and build from source.
>
> Historically, python packages played well in this context. Install
> was a simple download, untar, setup.py build/install.
>
> Eggs and with other setuptools-inspired install processes break this
> paradigm. The tarballs are incomplete in the first place. The builds
> sometimes wander off to the internet looking for more downloads. The
> installs sometimes wander off to the internet looking for
> compatibility conditions. (Or rather they try to do so and fail
> because I don't let themn through the firewall.)
I understand your situation and I have some misgivings myself. It
reminds me of the time when I worked in a 'corporate environment' and
I was trying to install a Perl application to get round the internet
blocking.
The application (localproxy - very good) was *intended* to be
installed via CPAN for tracking requirements - which didn't work
behind our proxy firewall. Although the project author (a very
technical guy) knew the direct dependencies, some of these had
dependencies. He *didn't know* the full dependency set for his
project.
Eventually, through trial and error (and a lot of help from the
author) I was able to get it working. But it was painful.
My guess is that a lot of the world's computers are behind firewalls
or proxies that preclude automatic dependency resolution.
*However*, there is a very good reason why setuptools and eggs are
gaining in popularity (and will continue to do so). For the majority
of users eggs are just *so damned convenient*. Being able to do
``easy_install some_project`` and have it just work is fantastic.
There are probably ways round this. For most non-esoteric eggs it
should be possible to create an ordinary installation tarball from an
egg. If you do easy_install of a project into a bare Python
installation (a VM instance for example) then you should be able to
see which dependencies are fetched.
If this is too much then I fear that you may be SOL...
Fuzzyman
http://www.voidspace.org.uk/ironpython/index.shtml
More information about the Python-list
mailing list