[Catalog-sig] Dependencies

anatoly techtonik techtonik at gmail.com
Sat Jun 16 11:01:39 CEST 2012


On Sat, Jun 16, 2012 at 6:01 AM, Richard Jones <r1chardj0n3s at gmail.com> wrote:
> "impossible to safely extract requirements in a 100% generic way."
>
> It has nothing to do with it being the de facto standard and everything to
> do with executing untrusted code on pydotorg systems with no guarantee that
> we'll even get the setup.py to work in our environment anyway.

I'd say that automatic dependency extraction is a problem of package
management tools. PyPI is just a catalog, whose critical role is to
provide the ability to store, query and get dependency information. In the
end all dependency information is always provided by the package
maintainer - setup.py or metadata or whatever is only a medium. So if
there is a way to submit the info through the API manually - the tools
will follow,
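
The constraint in the quoted reply, shown as an added example that is not part of the original message or of any PyPI code: requirements can be read from a setup.py without executing it only when `install_requires` is a literal. The sample sources and the function name `extract_install_requires` are constructed for illustration.

```python
import ast

# Constructed sample setup.py sources (not taken from any real package).
STATIC_SETUP = '''
from setuptools import setup
setup(name="demo", version="1.0", install_requires=["requests>=2.0", "six"])
'''

DYNAMIC_SETUP = '''
import sys
from setuptools import setup
deps = ["six"]
if sys.version_info < (2, 7):
    deps.append("argparse")
setup(name="demo", version="1.0", install_requires=deps)
'''


def extract_install_requires(source):
    """Return (status, requirements) without executing the source.

    status is "static" when install_requires is a literal list of strings,
    "dynamic" when its value only exists at run time, "absent" when setup()
    has no such keyword, and "no-setup-call" when no setup() call is found.
    """
    tree = ast.parse(source)  # parses only; nothing is imported or run
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "setup":
            continue
        for kw in node.keywords:
            if kw.arg is None:  # setup(**kwargs): contents unknown statically
                return "dynamic", None
            if kw.arg != "install_requires":
                continue
            try:
                value = ast.literal_eval(kw.value)  # accepts literals only
            except (ValueError, TypeError):
                return "dynamic", None
            if isinstance(value, (list, tuple)) and all(isinstance(v, str) for v in value):
                return "static", list(value)
            return "dynamic", None
        return "absent", None
    return "no-setup-call", None
```

The "dynamic" result is the case the quoted reply describes: the real value exists only after the script runs, so a catalog that refuses to execute uploads has to receive it from the maintainer instead.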

