[Distutils] Time for a setuptools_lite??

Nick Coghlan ncoghlan at gmail.com
Wed Oct 28 20:28:52 EDT 2015


On 28 Oct 2015 20:10, "Donald Stufft" <donald at stufft.io> wrote:
>
> No, I’m suggesting that the PyPA needs to be conservative with its
> recommendations and that we need to consider the broader ecosystem impact.
> Individual projects or people may have different criteria they use to
> determine what is an acceptable solution, but we have to walk the fine line
> between trying to do what’s best for many different groups of people (and
> we sometimes have to make things worse for X to make it better for Y).

Right. While consuming prebuilt binaries is an acceptable approach in many
cases, it's not acceptable for Linux distros since it can easily lead to
problems with things like reproducible builds and licensing compliance
(especially for copyleft licenses with on demand source provision
requirements).

That said, for Fedora RPMs, we don't need sdist per se - we only need ready
access to the "original sources". It's just that wheels don't count, since
they're a nominally binary format, and "C ABI = None, Platform = None" in
the filename isn't currently an entirely reliable indicator of a pure
Python wheel file. (Even if those markers *were* entirely reliable, the
"certain kinds of wheel files can be treated as if they were source
archives" gets really messy conceptually - it's akin to the "8-bit text is an
ill-defined subset of arbitrary 8-bit data" represented by the Python 2 str
type).

A HTTPS source control URL together with a commit hash *can* count, though,
even in the absence of a source archive uploaded to PyPI, as the VCS
information is enough for us to retrieve the original sources and put them
in the SRPM. (I'm not as familiar with Debian's policies as I am with those
for Fedora et al, but as far as I am aware, they want a reference to the
original sources for similar reasons of build reproducibility, license
compliance, and code auditability).

> I don’t have any problems with flit, or if someone wants to use it. I
> have a problem with making it an official recommendation prior to the
> foundations being laid to make it what I consider to be a reasonable,
> ecosystem wide, solution.

Right, any recommended solution needs to provide access to the original
sources *in addition to* any already built wheel files.

While Linux distros could technically cope with arbitrary source trees, I
think we're close enough to having a cleaner sdist format defined that we
can wait until it's defined and flit produces it in addition to a wheel
file before switching the official recommendation for new users.

Cheers,
Nick.
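
The message's point that "C ABI = None, Platform = None" in a wheel filename is not a fully reliable sign of a pure Python wheel can be checked per file. The following is an added example, not part of the original post: it compares the filename tags with the archive's contents and the `Root-Is-Purelib` field of the wheel's `WHEEL` metadata. The `demo` package, its file names and both in-memory wheels are constructed for illustration.

```python
import io
import zipfile

NATIVE_SUFFIXES = (".so", ".pyd", ".dll", ".dylib")

def filename_claims_pure(wheel_name):
    """True when the filename's ABI tag is 'none' and its platform tag is 'any'."""
    # name-version[-build]-python-abi-platform.whl: the last three fields are tags
    _python_tag, abi_tag, platform_tag = wheel_name[:-len(".whl")].split("-")[-3:]
    return abi_tag == "none" and platform_tag == "any"

def audit_wheel(wheel_name, wheel_bytes):
    """Compare what the filename claims with what the archive actually holds."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = zf.namelist()
        native = sorted(n for n in names if n.lower().endswith(NATIVE_SUFFIXES))
        purelib = None  # stays None if the WHEEL metadata file is missing
        for meta in (n for n in names if n.endswith(".dist-info/WHEEL")):
            for line in zf.read(meta).decode("utf-8").splitlines():
                key, _, value = line.partition(":")
                if key.strip().lower() == "root-is-purelib":
                    purelib = value.strip().lower() == "true"
    claims = filename_claims_pure(wheel_name)
    return {"claims_pure": claims, "root_is_purelib": purelib,
            "native_files": native,
            "consistent": not (claims and (bool(native) or purelib is False))}

def _make_wheel(files):
    """Build a tiny in-memory archive; the samples below are constructed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

META = "Wheel-Version: 1.0\nRoot-Is-Purelib: {}\nTag: py3-none-any\n"
PURE = _make_wheel({"demo/__init__.py": "",
                    "demo-1.0.dist-info/WHEEL": META.format("true")})
MISLABELLED = _make_wheel({"demo/__init__.py": "",
                           "demo/_speedups.so": b"\x7fELF",
                           "demo-1.0.dist-info/WHEEL": META.format("false")})

if __name__ == "__main__":
    for label, blob in (("pure", PURE), ("mislabelled", MISLABELLED)):
        print(label, audit_wheel("demo-1.0-py3-none-any.whl", blob))
```

A consistent result only shows that the filename and the contents agree; it does not turn the wheel into a source archive.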