[Distutils] "Python Package Management Sucks"

Jim Fulton jim at zope.com
Wed Sep 24 02:24:51 CEST 2008

On Sep 23, 2008, at 6:42 PM, Rick Warner wrote:

> Jim Fulton wrote:
>> On Sep 23, 2008, at 5:44 PM, Rick Warner wrote:
>>> Jeff Younker wrote:
>>>> I have to say, as a developer, and a system administrator, I like  
>>>> setuptools.   It does
>>>> what I need.  Could it be better?  Sure.  For what I use python  
>>>> for on a day-to-day
>>>> basis it makes my life a thousand times better than it was before  
>>>> setuptools.  Nothing
>>>> ruins your day more than spending *hours* tracing down package  
>>>> dependencies
>>>> just to get the *one* package you need to allow you to perform  
>>>> some crucial task.
>>>> It's even worse when you have to do it on multiple architectures.
>>>> Perl's package location and installation system (CPAN) is one of  
>>>> the primary facts
>>>> contributing to its success.   Perl is a pig.  It's a charming  
>>>> pig that can do lots of tricks,
>>>> but a pig none the less.  What makes it shine is CPAN. And here's  
>>>> the catch:  CPAN
>>>> isn't really any better than setuptools.  It's got warts and nuts  
>>>> all over the place, but
>>>> it works.
>>> And CPAN has some HUGE advantages over setuptools: it is designed  
>>> as a repository, and it is replicated.   Which means it is  
>>> dependable.  Anyone who suffered through the multiple outages of  
>>> PyPI (which in not replicated) over the past year or so, or the  
>>> ongoing outages of the many repositories across the web to which  
>>> PyPI directs users/processes, can understand why this is important.
>> Actually, PyPI is replicated.  See, for example, http://download.zope.org/simple/ 
>> .
>> It may be that some of the mirrors should be better advertised.
> A half-hearted effort. at best,

Hardly, but there's always room for improvement.

> after the problems last year.  When I configure a CPAN client (once  
> per user) I create a list of replicas I want to search for any query  
> from a list of hundreds of  replicas distributed around the world.   
> From then on the client automatically switches to one of my selected  
> replicas when one does not respond in a timely manner.

That's good.  That would be nice to add to setuptools.

>  The minimal set of recent PyPI replicas are neither well advertised,


> and are not automatically searched,

Setuptools and many tools built on it let you configure the index to  
use.  It's true that you can configure only one, but I've found that  
to be sufficient for my needs, but I agree, being able to search many  
would be nice.

>  so therefore ineffective.

Lots of people have found them to be very effective.

> And that is a mere tip of the iceberg, since PyPI is just the index,  
> and the repositories are for the most part not replicated. CPAN  
> sites are both index and repository.

My mirror is just an index, yes.  I've found PyPI's repository to be  
reliable enough for my needs.  I've had the most trouble when  
distributions aren't stored in the PyPI repository.

People are building mirrors that mirror both index and repository/

>  Setuptools and PyPI are light years behind CPAN in regards to  
> creating a usable, reliable method of package deployment.

Behind, yes. Light years? I don't think so.


Jim Fulton
Zope Corporation

More information about the Distutils-SIG mailing list