[Catalog-sig] Re: Meeting followup- CPAN for Python?

Ian Bicking ianb at colorstudy.com
Sat Dec 11 00:22:19 CET 2004 

Richard Jones wrote:
> On Sat, 11 Dec 2004 05:51 am, Ian Bicking wrote:
> 
>>* Track package names into PyPI.  For now these will serve as 
>>identifiers for installation and dependencies.  Conflicting package 
>>names already cause a lot of problems anyway, so it would be nice if 
>>they'd be unique.
> 
> This step is done. In PyPI, a name is owned by someone (or some people).

True.  The downside is that it isn't the Python package name, it's just 
a name.  The Python package name seems like a natural identifier; though 
some projects have no packages (e.g., many applications), and some have 
multiple packages.

>>* Add a field for package dependencies, based on those names.  Forget 
>>about version requirements for now.  Though in theory, since distutil 
>>setup.py files are just Python scripts, this should be extensible.
> 
> 
> Also, handling versioning implies that people retain versioned source 
> downloads - something we can't rely on.

Well, we couldn't necessarily resolve problems, but distutils could at 
least complain obnoxiously.

> Possibly what we need is for the package to be able to indicate which versions 
> it's been *tested* with, so it can warn that the download might not work? 

That seems fairly easy.

> IIRC a problem with CPAN was version incompatibilities breaking things (I 
> know I've hosed my Perl install a couple of times)

Doing multiple installs of different versions in Python isn't that hard, 
but it's not that easy either.  That's a fairly expansive problem.

> Now, having dependencies list is all well and good - what do we do with them? 

I don't think we should look that far ahead ;)  If I was going to leave 
something out of this iteration, the first thing would be the 
dependencies list.  You can always put this at the top of your setup.py:

try:
     import some_package
except ImportError:
     print "You have not installed a required package: some_package"
     sys.exit(1)

> If we have automated checking against those dependencies, then that implies 
> that we remember what's installed. AMK has done some work on this:
> 
> Database of Installed Python Packages
>   http://python.org/peps/pep-0262.html

Certainly useful.

> Other relavent PEPs:
> 
> Package Index and Metadata for Distutils
>   http://python.org/peps/pep-0301.html
>   (*still* marked "under consideration"... sigh)
> Metadata for Python Software Packages v1.1
>   http://python.org/peps/pep-0314.html
> 
> Metadata version 1.1 has fields for "download-url", "requires", "provides", 
> "obsoletes" and "conflicts". I guess we need to change "download-url" to 
> "source-url". Mmm. Ambiguity. 

Indeed, it seems like half of the packages don't have source on the 
other side of their download URL.  Lots don't even have a download page, 
or even a package-specific page.  In cases of ambiguity, authors choose 
to be lazy...

It also needs to support multiple kinds of downloads.  Freshmeat has 
this, though the kinds of downloads are fixed, which seems unnecessary 
for us.  System-specific packages are usually prefered if available. 
Well, sometimes -- usually system-specific packages are harder to use 
for multi-version installs.  Anyway, there's a place for several kinds 
of packages.

> It also removes Platform, and specifies the 
> formatting of the long description field. The only open issue in that PEP is 
> the license field. I believe some people would like it to remain, but only be 
> used when their license doesn't appear in the Classifiers list, and they need 
> to include the full text of their license (or some other statement about it). 
> See PyPI bug 693471.
> 
> Also of interest:
> 
> Module Repository Upload Mechanism
>   http://python.org/peps/pep-0243.html
> 
> 
> 
>>* Add a field for source download; maybe make it a dictionary, so you 
>>can give several links for different sources (e.g., source tarball/zip, 
>>rpm, windows installer, debian package, etc).
> 
> 
> I think just sticking with the source installer is fine. This is all invoked 
> by setup.py, isn't it?

Well, by phrasing this in terms of data, not functionality, we make this 
potentially frontend-neutral.  We can already generate rpm's from 
distutils, and I don't know why debs haven't also been added to that. 
In many cases they would be preferred.

>>* Create a script that can query PyPI, get the link(s), then download 
>>it.  PyPI already has an XML-RPC interface, I believe.
> 
> 
> PyPI's web interface is a complete shambles. I really want to reimplement it 
> in something easier to maintain, and more extensible. As an aside: the pypi 
> sqlite database really needs to move to postgresql.

Would that be hard?  Is it mostly a sysadmin issue, or a coding issue?

What do you want to change in PyPI's interface?

>>Because of SF,  
>>the downloader has to be a little smart about the load balancing page in 
>>that case, but that's relatively easy.
> 
> We'll be special-casing for them, but there will probably be other download 
> sites like this :(

Yeah... well, at least for SF it is worth doing the special case, simply 
because of the number of files hosted there.  After that, who knows.

>>Well, these are some of my ideas.  If people are interested in this in
>>general, we could try to organize a little mini-sprint; a number of us
>>would come together and try to bang it out.  We could try to schedule
>>and coordinate this with Richard or other interested people over IRC.
> 
> 
> Looks like I'll be attending PyCon, so a sprint there would be possible.

Well, people here at ChiPy have been showing some interest, and most of 
them probably won't be going to PyCon.  So people might want to try 
tackling some of these things on a different schedule.  And the PyCon 
sprints won't be during the weekend, so that would also make it hard for 
non-PyCon people to participate.

-- 
Ian Bicking  /  ianb at colorstudy.com  /  http://blog.ianbicking.org

More information about the Catalog-sig mailing list