[Distutils] [Bulk] Re: formencode as .egg in Debian ??

Vincenzo Di Massa hawk78_it at yahoo.it
Fri Nov 25 15:23:15 CET 2005 

(Sorry for the prevoius empty post)

Alle 13:52, venerdì 25 novembre 2005, hai scritto:
> Le vendredi 25 novembre 2005 à 11:54 +0100, Vincenzo Di Massa a écrit :
> > Alle 11:04, venerdì 25 novembre 2005, David Arnold ha scritto:
> > > But, if compatible versions of those dependencies are already installed
> > > as Debian packages *without* egg metadata, will these be ignored?
> >
> > Yes, they will.
>
> Why?
The reason is explained by Phillip in the previous e-mails.

> > > Even if it was possible for Debian to extend this downloading mechanism
> > > so that it looked for dependencies via apt-get before trying to install
> > > from the raw source or egg or whatever, it would usually be the case
> > > that the user running the newly downloaded Python application would not
> > > have permission to install system packages.
> >
> > I think easy_install coud be patched by debian packagers (or made
> > configurable by Phillip) to add a further check on dependency checking:
> > it could check if a dependency is already provided by system packages.
>
> It could do it by simply trying to import the module.

But it will not know about the version of the module that is imported!
I know we who are using debian packaged modules don't care to have this checks 
at runtime.
But there are circumstances where it is not possible/wanted to install a 
debian packaged python module (maybe becouse: you have not root access, you 
want to install a personal/test/unpackaged version in your home... you are 
not a debian user, (thus you are using something that is inferior to 
Debian ;-) ). 
Python developers need a way to check deps at runtime becose python MUST work 
on platforms inferior to debian. So they put and will put code in theyr 
projects that does this: check for versin X of modlule foo.
Distributors (where vensions are already taken care of) can safely remove that 
checks (monky patching every upcoming python module released). But if they 
don't remove the checks (and simply manage them in a custom and wise way) 
they will allow thir users to install local copies of new/unpackages software 
that plays well with packaged modules (and the don't need to pathc 
evey(maybe) single new python app!).
This seems a *real benefit*, no?

> > easy_install (and pkg_resources.require()) could have a config file
> > telling what code execute to test for dependencies, configurable in a way
> > that when I require foo-1.2.3 it can:
> > 1) optionally check if apt (or urpmi or anything else) can provide that
> > depenedency and, if apt has them, promt the user to either:
> >      1.1) run apt-get as root
> >      1.2) skip this step ( 1) ) and go to directly to 2)
>
> No. If the dependency is missing, this is a bug in the Debian package.
> No more, no less.

You are not understanding... I'm talking about unpackaged modules. So there is 
no buggy package: there is no package at all, just a freshly downloaded (from 
somewere) python app or lib that you want to run from (for example) your 
home.
Is it desiderable that an user can test a new app by just downloading the 
python source and installing it in his home using easy_install without the 
need to also install in his home the dependencies debian already satisfies 
correctly . No?

> Furthermore, it is a bad idea for a python script to mess up with the
> packaging system. 
In fact I'm not proposing this! The python script will just tell the user to 
run apt-get as root if needed.
> Not only querying it is very slow, but it implies to 
> make assumptions about the versioning scheme, that can become wrong at
> any time.

The query can be cached, or the post-install script could populate a fastly 
searcheble (module,version) database of installed modules. It is not so 
difficolt, is it?

> > 2) check if it can find this dep like setuptools does today (installing
> > them as eggs somewhere in the user's home)
>
> I consider this as a security risk. I hope this can be disabled by
> default.

That ha nothing to do with the system: this fallback will just execute for 
software that is not already provided by Debian. So you are not going to 
accidentally install something becouse of this. Moreover the user is expected 
to insert the path where the fallback mecanism can install deps as egg. That 
could be similar to a make install in C world: if you don't specify a 
destination things go to /usr/local.

> Regards,

Vincenzo

	

	
		
___________________________________ 
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB 
http://mail.yahoo.it

More information about the Distutils-SIG mailing list