[Distutils] multiple backports of ipaddress and a world of pain

Nick Coghlan ncoghlan at gmail.com
Thu Feb 18 08:32:45 EST 2016


On 17 February 2016 at 04:37, Chris Withers <chris at simplistix.co.uk> wrote:

> Hi All,
>
> (Apologies for copying in the maintainers of the two backports and
> django-netfields directly, I'm not sure you're on this distutils list...)
>
> This is painful and horrible, and I wish pip would prevent
> modules/packages with the same name being installed by different
> distributions at the same time, but even if it did, that would just force
> something to happen rather than this:
>
> So, RHEL7, for worse or worse, ships with Python 2.7.5.


It's 2.7.5 + important security backports, so any package that relies on
PEP 466 features like ssl.create_default_context() should be fine in 7.2+.
(You can also switch on default certificate verification if you want it:
https://access.redhat.com/articles/2039753 )


> That means to keep pip happy, you need to do these dances in all the
> virtualenvs you create:
>
>
> http://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning
> http://urllib3.readthedocs.org/en/latest/security.html#pyopenssl


If urllib3 is actually using version detection rather than feature
detection as recommended in PEP 466
(https://www.python.org/dev/peps/pep-0466/#backwards-compatibility-considerations),
then that's a missing bug report against urllib3.


> One of those extra packages drags in this backport:
>
> https://pypi.python.org/pypi/ipaddress
>
> Yay! Now we have a happy pip talking to both PyPI and our internal DevPI
> server!
>
> Right, so in a Django project I need to use
> https://pypi.python.org/pypi/django-netfields. This, however, chooses
> this backport instead:
>
> https://pypi.python.org/pypi/py2-ipaddress
>
> So, now we have two packages installing ipaddress.py, except they're two
> very different versions and make different assumptions about what to do
> with Python 2 strings.
>
> What should happen here? (other than me crying a lot...)
>

It looks like you found a resolution to this part of the problem, but those
dependencies should only be needed on 7.0 and 7.1.

Unfortunately, I missed this use case when PEP 508 was being defined, so
there's currently no capability for Python level dependencies to be
conditional on the presence or absence of particular attributes in other
modules :(

Regards,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
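
An added example, not part of the original message and not code from pip or either backport: a check for the situation described in the thread, where two distributions install the same top-level module (`ipaddress.py`) and the later install silently overwrites the earlier one. It assumes Python 3.8+ for `importlib.metadata`; the function names and the sample file lists are constructed for illustration.

```python
from collections import defaultdict
from importlib import metadata  # Python 3.8+
from pathlib import PurePosixPath


def top_level_names(files):
    """Importable top-level names implied by a distribution's recorded files."""
    names = set()
    for f in files:
        parts = PurePosixPath(str(f)).parts
        if not parts or parts[0] == "..":
            continue  # scripts and data installed outside site-packages
        if len(parts) == 1 and parts[0].endswith(".py"):
            names.add(parts[0][:-3])  # single-file module, e.g. ipaddress.py
        elif len(parts) == 2 and parts[1] == "__init__.py":
            names.add(parts[0])  # regular package directory
    return names


def find_collisions(dist_files):
    """Return {top-level name: [owning distributions]} for names with >1 owner."""
    owners = defaultdict(set)
    for dist_name, files in dist_files:
        for name in top_level_names(files):
            owners[name].add(dist_name)
    return {n: sorted(d) for n, d in owners.items() if len(d) > 1}


def installed_dist_files(path=None):
    """Yield (name, files) per distribution on sys.path, or on `path` if given."""
    kwargs = {"path": list(path)} if path else {}
    for dist in metadata.distributions(**kwargs):
        yield dist.metadata.get("Name") or "<unknown>", dist.files or []


# Constructed sample mirroring the thread; version numbers are placeholders.
SAMPLE = [
    ("ipaddress", ["ipaddress.py", "ipaddress-0.0.0.dist-info/RECORD"]),
    ("py2-ipaddress", ["ipaddress.py", "py2_ipaddress-0.0.0.dist-info/RECORD"]),
    ("django-netfields", ["netfields/__init__.py", "netfields/fields.py"]),
]

if __name__ == "__main__":
    print("sample:", find_collisions(SAMPLE))
    for name, dists in sorted(find_collisions(installed_dist_files()).items()):
        print(f"{name}: installed by {', '.join(dists)}")
```

Pass a virtualenv's site-packages directory in `path` to inspect an environment other than the one running the script.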