[Catalog-sig] Dependencies
Richard Jones
r1chardj0n3s at gmail.com
Sat Jun 16 05:01:58 CEST 2012
"impossible to safely extract requirements in a 100% generic way."
It has nothing to do with it being the de facto standard and everything to
do with executing untrusted code on pydotorg systems with no guarantee that
we'll even get the setup.py to work in our environment anyway.
Sent from my portable device, please excuse the brevity.
On Jun 16, 2012 2:41 AM, "Chris Withers" <chris at python.org> wrote:
> On 13/06/2012 13:20, Donald Stufft wrote:
>
>> setuptools is a non standard addition to Python packaging which
>> is impossible to safely extract requirements in a 100% generic
>> way.
>>
>
> I would argue setuptools is the de facto python packaging dependency
> specification, which PyPI should support as a result.
>
> Distutils2 / metadata 1.2 includes a safe, good way to specify
>> requirements similar to setup tools but it's not ready for primetime yet.
>>
>
> ...except that only a fraction of packagers even know what these are, let
> alone use them...
>
> Chris
>
> --
> Simplistix - Content Management, Batch Processing & Python Consulting
> - http://www.simplistix.co.uk
> ______________________________**_________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/**mailman/listinfo/catalog-sig<http://mail.python.org/mailman/listinfo/catalog-sig>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20120616/b64fab0c/attachment.html>
More information about the Catalog-SIG
mailing list