[Distutils] Re: buildpkg.py to evaluate (Was: Python packagemaker for OS X Installer.app)

M.-A. Lemburg mal@lemburg.com
Mon Nov 19 05:06:00 2001

Jack Jansen wrote:
> Recently, "M.-A. Lemburg" <mal@lemburg.com> said:
> > Jack Jansen wrote:
> > >
> > > Recently, "M.-A. Lemburg" <mal@lemburg.com> said:
> > > > Hmm, I think we have to do something about the development process
> > > > for distutils. AFAIK, Andrew is the current distutils champion --
> > > > perhaps we ought to be a little more flexible w/r to checkins
> > > > and allow more people to review the distutils patches ?!
> > >
> > > Yes, definitely. I've also had distutils Mac support miss 2.0 because
> > > of this... No critique implied, I fully understand that people have
> > > priorities, but I think we should get rid of bottlenecks if at all
> > > possible.
> >
> > Right -- we should allow for distutils updates *between* Python
> > releases too.
> This wouldn't work for the Mac (and probably not for Windows either):
> no-one is going to download anything except complete, test-and-tried
> MacPython distributions. There are a few thousand people who
> download betas and about 2 people developing from CVS, but the
> majority of the MacPython users follow distributions.

I wasn't talking about distutils releases which change the
installation part of distutils (i.e. install commands etc).
It's the development side (e.g. bdist_macos) which should be
made available between Python releases to a wider audience
of package developers.
> That is: unless distutils itself could be thaught how to upgrade
> itself, and distutils distributions have a "minimal required version"
> field. For most Python packages this wouldn't work, but I think for
> distutils it could be done. Distutils is pure Python, so there are no
> problems with missing compilers, search paths, etc, and on every user
> machine we should be able to download a new version (or, in case of
> inadequate permissions, tell the user to inform the sysmgr). Also,
> distutils on the machine where a distribution is created could act as
> the enforcer of the rule that each distutils-based distribution needs
> to include the distutils version number under which it is supposed to run.

Nice idea, but there are at least two problems:

1. security concerns on the admin side (how do you know that
   you can trust the download source)

2. permission problems (only admins would be able to let distutils
   upgrade itself)

I don't know about others, but the first thing I do after downloading
a new version of Netscape|Quicken|... is to disable the auto-update

Marc-Andre Lemburg
CEO eGenix.com Software GmbH
Consulting & Company:                           http://www.egenix.com/
Python Software:                        http://www.lemburg.com/python/