[Distutils] Dependency extensions
Tres Seaver
tseaver at palladion.com
Thu Oct 11 23:20:24 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Phillip J. Eby wrote:
> At 04:07 PM 10/11/2007 -0400, Tres Seaver wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have use cases for a couple of extensions to how requirements are
>> spelled in a setuptools-enabled project.
>
> You should probably include them, then. You only sent the
> specifications for how you'd like to implement *solutions* for the
> problems posed by your use cases. ;-)
>
> In other words, you didn't explain why it is you think you know
> better than the package owner what version his package needs, or why
> the existing dependency URL features don't do what you want.
In the case of overrides, I have seen lots of cases where project
authors have overspecified dependencies in their requirements for a
given distribution, mostly because they don't want to have to support
their package configurations they don't test. I'm fine with that line
of thought, as long as I have a way to reuse their packaged stuff in
combination with mine, where I *do* test with a different version than
they do: in such a case, if my package can signal to setuptools that
*my* specification should win, I can use their code without forking a
new distribution.
Working around such a problem today typically requires hand-editing the
'requires.txt' for the over-strict package after installing it. Setup
tools provides no way to install an over-strict package as a dependency
without propagating those constraints.
Pinning a package to a given repository is a common packaging
requirement (yum and apt both support it). The driver there is the need
to maintain a "known good" configuration, where some packages (at least)
are installed from a repository whose maintainers are more reliable /
trustworthy than others. (e.g., some maintainers are pretty sloppy
about re-releasing packages "in place", or even removing them).
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHDpOY+gerLs4ltQ4RAseJAJ0T16bFz/mLSPIZq95wUsGKBaUeiwCg1Ag2
RA+Q12lRKThc02ZHzy4dG2c=
=+0UV
-----END PGP SIGNATURE-----
More information about the Distutils-SIG
mailing list