[Distutils] Dependency extensions

Tres Seaver tseaver at palladion.com
Thu Oct 11 23:20:24 CEST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phillip J. Eby wrote:
> At 04:07 PM 10/11/2007 -0400, Tres Seaver wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have use cases for a couple of extensions to how requirements are
>> spelled in a setuptools-enabled project.
> 
> You should probably include them, then.  You only sent the 
> specifications for how you'd like to implement *solutions* for the 
> problems posed by your use cases.  ;-)
> 
> In other words, you didn't explain why it is you think you know 
> better than the package owner what version his package needs, or why 
> the existing dependency URL features don't do what you want.


In the case of overrides, I have seen lots of cases where project
authors have overspecified dependencies in their requirements for a
given distribution, mostly because they don't want to have to support
their package configurations they don't test.  I'm fine with that line
of thought, as long as I have a way to reuse their packaged stuff in
combination with mine, where I *do* test with a different version than
they do:  in such a case, if my package can signal to setuptools that
*my* specification should win, I can use their code without forking a
new distribution.

Working around such a problem today typically requires hand-editing the
'requires.txt' for the over-strict package after installing it.  Setup
tools provides no way to install an over-strict package as a dependency
without propagating those constraints.

Pinning a package to a given repository is a common packaging
requirement (yum and apt both support it).  The driver there is the need
to maintain a "known good" configuration, where some packages (at least)
are installed from a repository whose maintainers are more reliable /
trustworthy than others.  (e.g., some maintainers are pretty sloppy
about re-releasing packages "in place", or even removing them).


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHDpOY+gerLs4ltQ4RAseJAJ0T16bFz/mLSPIZq95wUsGKBaUeiwCg1Ag2
RA+Q12lRKThc02ZHzy4dG2c=
=+0UV
-----END PGP SIGNATURE-----

More information about the Distutils-SIG mailing list