[Catalog-sig] API search by python version (or classifier)

Tres Seaver tseaver at palladion.com
Thu Jan 27 00:23:06 CET 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/26/2011 04:07 PM, Alexis Métaireau wrote:
> Le 26/01/2011 20:44, "Martin v. Löwis" a écrit :
>> FWIW, another copy of the PyPI metadata is available in FluidDB, which
>> is also a rest-based database:
>>
>> http://www.fluidinfo.com/
>> http://fluiddb.fluidinfo.com/about/pypi-fluiddb-mirror
>> http://fluiddb.fluidinfo.com/namespaces/loewis?returnNamespaces=True
>> http://fluiddb.fluidinfo.com/namespaces/loewis/cheeseshop?returnTags=True
> 
> Great !
>>
>>> +1. eggs are unfortunately a hell to deal with when it comes to
>>> metadata: we are forced to downlad the distributions and extract the
>>> metadata using the setuptools egg_info command.
>>
>> It's your (catalog-sig reader's) choice that this is a hell to deal
>> with: I offered to provide the metadata on PyPI, and the proposal
>> was shot down. Had I been allowed to implement the feature, the data
>> would have been available to everybody without downloading.
> 
> As stated before, the problem with those metadata is they are os
> specific, and one version can't be determined once for all. Putting
> those metadata on PyPI could be wrong, because not accurate.
> 
> PEP 345 deals with those os specific issues and propose a metadata
> format to statically describe those os specific informations.


I think the SIG's response in September was a good example of "the
perfect is the ene good":

- - A miniscule fraction of all PyPI releases actually declare PEP 345
  metadata.  I see no evidence that the number is growing[1].

- - A very significant number of the packages on PyPI declare
  dependencies via setuptools'requires.txt';  "practicality beats
  purity."

- - Of the packages which were made with setuptools metadata, the number
  for which one distribution of a given release has different
  dependencies than another of the same release is likely insignificant.

- - Resolving conflicts in favor of source distributions would be the
  simplest and most useful heuristicc (binary eggs suck as a sharing
  format!)

Exposing even imperfect dependency data while we await PEP 345 adoption
would have been a useful, pragmatic thing to do.


[1] Of the forty most recent releases on PyPI as of this writing:

    - Nnot one* correctly declared a PEP 345 'Requires-Dist' (one
    seemed to want that, but used 'Requires' with a version string).

    - Twenty-six of the  forty used setuptools to declare
      dependencies;

    - Four had no package uploaded.

    - Five used PEP 314-style 'Requires' (no versions, not necessarily
      project names

    - FIve were "bare" distutils with no dependency metadata at all.


Tres.
- -- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1ArNoACgkQ+gerLs4ltQ6PowCePYji/AAlT/ORVI3InWIxqko+
6rgAnjFJEAtjl8bTbqqEngCz1QwqmNF/
=lMhZ
-----END PGP SIGNATURE-----

More information about the Catalog-SIG mailing list