[Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
Ronald Oussoren
ronaldoussoren at mac.com
Tue Dec 20 16:06:27 CET 2005
- Previous message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Next message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
On 20-dec-2005, at 15:40, M.-A. Lemburg wrote:
>
> I'm sure Apple will add support for uninstall soon. Even if not,
> we can easily add an uninstall script to the created package which
> then removes all traces of the installed package - much like
> bdist_wininst does in order to support uninstall of the Windows
> package.
You're much more optimistic than me w.r.t. Apple provided
uninstallers. Apple's installer does offer no protection whatsoever
against replacing files that belong to another package, I suppose at
least partially because Apple itself uses installer packages to ship
patches. This makes uninstalling a lot harder.
It should not be too hard to write a limited uninstaller for OSX,
information about installed packages is stored in /Library/Receipts
and that includes information about all installed files.
>
> Dependency management is a nice to have feature, but I
> wouldn't consider it essential.
I've lived without dependency management for ages, but am disliking
it because I end up playing the dependency engine myself. It would be
very nice if the standard distutils package could at least provide a
way to store dependency information in setup.py, a PKG-INFO file and/
or on PyPI. That way users at least wouldn't have to search for
dependencies in package documentation.
>
> Automatic downloads are nice to have as well, but sys admins
> rarely trust tools that automatically download and install
> software, unless they have complete control of where things
> are downloaded, when and whether there's proper authenticity
> control built into the tool.
I'm not too happy about the downloading feature of setuptools because
of the lack of verification. I haven't spent enough time with
setuptools yet to decide how to reach a save-enough situation. There
will always be some trust involved, even if packagse included digital
signatures I'd have to trust the signer enough to assume that he
won't insert malware into his package.
>
> AFAIK, easy_install doesn't
> provide any kind of authenticity control - probably due to
> the fact that PyPI doesn't have this feature. At least the
> MD5 sum should be checked, but for this, the PyPI registry
> would have to provide this information in some way.
Checking checksums is very nice of cource, but doesn't help against
someone that registers hostile code with PyPI. Luckily PyPI protects
against users that try to register new versions of projects they
don't own.
>
>> And BTW the most common way to install software on OSX is by
>> dragging an
>> application
>> icon from a CD or disk image to the folder containing
>> applications ;-) ;-)
>
> --
> Marc-Andre Lemburg
> eGenix.com
>
> Professional Python Services directly from the Source (#1, Dec 20
> 2005)
>>>> Python/Zope Consulting and Support ... http://
>>>> www.egenix.com/
>>>> mxODBC.Zope.Database.Adapter ... http://
>>>> zope.egenix.com/
>>>> mxODBC, mxDateTime, mxTextTools ... http://
>>>> python.egenix.com/
> ______________________________________________________________________
> __
>
> ::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for
> free ! ::::
- Previous message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Next message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Distutils-SIG
mailing list