On Fri, Jun 9, 2017 at 11:03 AM, Ned Deily wrote:

On Jun 9, 2017, at 08:43, Victor Stinner wrote:

...

I expect that all Linux distributions build Python using --with-system-expat. It may become the default? What about macOS and other operating systems?

The current default is --with-system-expat=no so, unless builders of Python take explicit action, the bundled version of expat is used. Using the bundled version is also currently the case for the python.org macOS installer, no idea what other distributors do. Apple supplies a version of expat with macOS so we presumably we could use the system version for the installer. Presumably (Zach?) we would need to continue to supply a version of expat for Windows builds. But do we need to for others? If it were only Windows, *then* perhaps it might make sense to make all the changes to move expat out of cpython into the common repo for third-party Windows libs.

Yes, we would need to continue providing a version for Windows. It would be a relatively small change to move it to the externals repository. I would be fine with switching to `--with-system-expat=yes` by default and building from externals on Windows in 3.7, and removing the bundled expat in 3.8.

...

By the way, Zachary Ware is working on converting this repository to Git. I don't know his progress: - https://github.com/python/cpython-bin-deps - https://github.com/python/cpython-source-deps

PR 1783 (https://github.com/python/cpython/pull/1783); needs another review from Steve to make sure I haven't made a complete mess of things, then it should be ready to go. Anyone else on Windows (Terry Reedy?) who can test it and provide feedback, please do! -- Zach

On 9 Jun 2017, at 18:03, Ned Deily wrote:

On Jun 9, 2017, at 08:43, Victor Stinner wrote:

...

I expect that all Linux distributions build Python using --with-system-expat. It may become the default? What about macOS and other operating systems?

The current default is --with-system-expat=no so, unless builders of Python take explicit action, the bundled version of expat is used. Using the bundled version is also currently the case for the python.org macOS installer, no idea what other distributors do. Apple supplies a version of expat with macOS so we presumably we could use the system version for the installer. Presumably (Zach?) we would need to continue to supply a version of expat for Windows builds. But do we need to for others? If it were only Windows, *then* perhaps it might make sense to make all the changes to move expat out of cpython into the common repo for third-party Windows libs.

I don’t think it would be a good idea to rely on the system provided libexpat on macOS, as Apple is not exactly fast w.r.t. upgrading their external dependencies and could easily stop updating libraries when the no longer need them (see for example the mess w.r.t. OpenSSL). Ronald

On 11 Jun 2017, at 12:10, Victor Stinner wrote:

Le 11 juin 2017 09:38, "Ronald Oussoren" mailto:ronaldoussoren@mac.com> a écrit : I don’t think it would be a good idea to rely on the system provided libexpat on macOS, as Apple is not exactly fast w.r.t. upgrading their external dependencies and could easily stop updating libraries when the no longer need them (see for example the mess w.r.t. OpenSSL).

Ok, but can't we download expat instead of keeping an old copy in our repisitory?

Sure. The script that creates the installer already downloads a number of libraries, adding one more shouldn’t be a problem.

Having a copy is useful when we modify it. I don't that it is the case here.

I don’t know why expat was included in the CPython tree and if those reasons are still valid. I therefore have no opinion on keeping it, other than that expat shouldn’t be kept in the CPython tree unless there’s a good reason for doing so. BTW. Removing 3th-party libraries from the source tree doesn’t fully isolate us from security issues in those libraries due to shipping the libraries in binary installers on Windows and macOS. The removal does make maintenance easier (no need to guess whether or not there are local patches). Ronald

Victor _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/ronaldoussoren%40mac.com