[Distutils] formencode as .egg in Debian ??

Ian Bicking ianb at colorstudy.com
Mon Nov 28 18:27:37 CET 2005 

Josselin Mouette wrote:
> Le dimanche 27 novembre 2005 à 16:26 -0600, Ian Bicking a écrit :
> 
>>>>No one is forcing Debian to package any of these.  
>>>
>>>Of course you are forcing Debian to package these. As long as your
>>>projects have enough users, someone will want to build a Debian package.
>>>The whole point of this thread is to make this package not suck.
>>
>>easy_install works, right now, for these packages.  There are some
>>outstanding issues, and those issues can probably be resolved in
>>easy_install, without any intervention by Debian.  Maybe the simplest
>>resolution is adding an option like:
>>
>>  easy_install --already-provided=1.2.6 ElementTree
> 
> 
> We're not going to tell our users to use easy_install for some kind of
> packages and some other thing for another package, and so on. They
> expect to be able to install anything, just by typing "apt-get install
> foo".

That's okay; I'll just tell my users to use it when Debian packages are 
not available (which is the case for the majority of Python libraries, 
and probably always will be unless libraries are automatically 
packaged).  easy_install provides a much better and safer experience 
than downloading tarballs and using the normal "setup.py install" 
routine; it is an improvement on the status quo.  The other option would 
be to allow people to easily create debs, in the same way they can 
easily create RPMs right now; but I get the strong impression you don't 
think that's a good idea.

>>>I'm happy you see stable releases as "counterproductive". However many
>>>of our users happen to like them, as they don't like to upgrade their
>>>software every other day. Again, eggs are a useful tool only for
>>>developers, not for regular users.
>>
>>These are developer tools, regular users *are* developers.
>>
>>If someone reports a bug, and I fix it, and they can't get access to
>>that because they can't install a new version of the package, then that
>>is counterproductive.  It discourages feedback.
> 
> 
> Stable releases are not meant for developers like you, but there are
> developers who want a stable development platform, even if it has some
> bugs. No bug fixing also means no regressions. The fact you don't
> understand those people's needs - and forget them when designing your
> tools - doesn't make all stable releases "counterproductive".

I'm speaking in terms of the open source ecosystem -- gaining 
contributors is far more valuable than gaining users.  So from my 
perspective -- which isn't out of line from Debian's, I think -- cutting 
off feedback is damaging.

> Developers who want a bleeding edge development platform should be using
> Debian testing or unstable, where the new versions become available as
> soon as possible.

I don't think those really provide the same experience.  If you are 
really serious about the bleeding edge, you should be using a checkout 
from the upstream repository.  Which, incidentally, setuptools and 
easy_install handle nicely.  But again, I say that from the perspective 
of someone who wants to gain contributors, not just users.

>>*Or*, we develop various ad hoc techniques to allow
>>people to install other versions of packages *in spite* of the Debian
>>packages.
> 
> 
> If your packages can't be installed in /usr/local, where they take
> precedence over the version in /usr, your packaging system is flawed.

They can be, with no problems; easy_install uses the standard 
distutils.cfg configuration, which can indicate prefix=/usr/local.  Even 
without it, easy_install/setuptools is much less likely to clobber 
Debian installed packages, compared to normal distutils.

>>I just don't think it is an option to say that only one version of a
>>package can be installed.  In /usr/lib/pythonX.Y/site-packages, sure,
>>and there can potentially be other restrictions.  But you are limiting
>>your users too much if there can never be multiple versions installed.
> 
> 
> Stable users will want to keep the same version, and allowing them to
> install several versions provides a way to easily break their systems.
> It also cuts them off the security fixes.

New versions don't overwrite old versions.  I believe that if you have a 
library in /usr/lib, and install a new version to /usr/local/lib, that 
the new version won't ever be accessible until you specifically 
pkg_resources.require() it (or implicitly require it due to 
dependencies).  *However*, to make that work nicely an easy_install'ed 
package should see metadata about Debian installed packages; otherwise 
duplicate versions of libraries have to be installed, because it's not 
reasonable to discover at runtime what Debian packages are installed (if 
only because the Debian package database is much too slow).  Though if 
you really wanted, setuptools/easy_install could be patched to read the 
debian package database on installation, maybe even writing a .egg-info 
directory then (putting it in /usr/local/lib, but it can refer back to a 
library that was installed in /usr/lib).  That mostly depends on the 
enthusiasm of the setuptools packager.

Anyway, in spite of all the disagreement, I think we actually have 
reached a sort of conclusion...

For the packages in question (ultimately leading to packaging 
TurboGears) there's only one current Debian package of consequence: 
ElementTree.  I think it's fine to remove that package in particular 
from the egg dependencies.  So the timescale for changes to Debian 
aren't that much of an issue because these are new packages.  Most of 
the libraries are developed with setuptools upstream... I think all of 
them, in fact (setuptools itself, TurboGears, Kid, SQLObject, 
FormEncode, probably nose as well).

There are some questions about zip files -- simplest answer: don't 
install them as zips.  Some of them can't be installed that way anyway.

There are some questions about the performance implications of 
installing them in subdirectories of site-packages, and extending 
sys.path for each installed package.  You can revert to normal 
installation with an .egg-info directory, and Phillip will (or already 
has?) added support for putting the version number in those directory 
names, so that will all work fine.  I believe if you require a version 
of a package from /usr/local/lib, it will do the Right Thing and change 
sys.path appropriately.

As I think about it, not putting Debian-packaged libraries entirely in 
subdirectories (the typical egg installation) seems best -- keeping 
libraries in subdirectories makes package management easier (by 
easy_install, nest, or whatever), but in this case we definitely *don't* 
want those tools to try to manage those packages.  Maybe we could even 
add a flag to indicate to setuptools/easy_install when a library is 
managed by some external tool?  I think that would add some important 
safety.  I would suggest something like a 
Package.egg-info/managed_by.txt file, whose existance indicates the 
package is externally managed, and whose content explains what manages 
it (so setuptools could provide a nice error message that directs the 
user to apt-get on Debian, or some other native tool on other platforms).

A distutils.cfg file (bug 338572) will allow people to use easy_install 
on Debian systems, and still follow Debian policy.  But I assume that 
such a change will take some time to propogate even if it is applied 
immediately to sid.  But even without it, easy_install won't overwrite 
any Debian package files without that configuration file.  I think 
easy_install also gives some scary-looking warnings in that case, but 
that might be possible to handle in documentation, especially if we all 
agree on what steps users should be following.


-- 
Ian Bicking  /  ianb at colorstudy.com  /  http://blog.ianbicking.org

More information about the Distutils-SIG mailing list