[Distutils] Bundling pkg_resources
P.J. Eby
pje at telecommunity.com
Mon Nov 30 19:13:00 CET 2009
At 08:00 PM 11/30/2009 +0200, cool-RR wrote:
>On Mon, Nov 30, 2009 at 7:57 PM, P.J. Eby
><<mailto:pje at telecommunity.com>pje at telecommunity.com> wrote:
>At 02:09 PM 11/30/2009 +0000, Ram Rachum wrote:
>I've asked before about bundling Distribute. But now I ask, is it possible to
>pull out the `pkg_resources` module from the Distribute folder and bundle only
>that with my project?
>
>
>If your project is a standalone application with a completely
>isolated sys.path, then yes, you can bundle it. If your project is
>a library or shares sys.path directories with other libraries or
>applications, then no, *do not bundle it*.
>
>(This is true even for the original pkg_resources, but it's doubly
>true for Distribute's pkg_resources, as installing it may break a
>setuptools-based installation's ability to upgrade setuptools.)
>
>
>What I was thinking is to put it in its own package, and then import
>it like `from my_package import pkg_resources`.
>
>Would that still be problematic?
Not if your modules are the only ones using any pkg_resources APIs
within a given program. But consider what happens if both your
package and another package are calling 'require()' -- just to give a
really simple example. You will have two working_set objects that
don't agree with each other, or with sys.path. (Similar issues may
also apply for other pkg_resources data structures and APIs.)
Bundling pkg_resources is really not a good idea for anything but a
100% standalone application or similarly controlled environment,
where you know that nothing else will be doing that kind of
thing. (Bundling it alongside your setup.py to use during
installation -- but not actually installing it -- would also be
relatively safe.)
If all you're worried about is that a user's version of setuptools
might have some sort of bug in pkg_resources, you needn't be. It's
the single most stable part of the setuptools code base, both in the
senses of "infrequently changing" and "not a lot of bugs". Even if
someone's using a version of pkg_resources that's say, 2 or 3 years
old, you're not likely to see any bugs more severe than a spurious
warning message that something might be being imported from more than
one place.
More information about the Distutils-SIG
mailing list