[Distutils] Python people want CPAN and how the latter came about

[Lennart Regebro]

On Wed, Dec 23, 2009 at 10:32, smueller at cpan.org <smueller at cpan.org> wrote:
>> I have to say that I vastly prefer not to have any authorization and
>> allow anyone to release anything in any namespace. But then I am
>> getting fanatically anarchical in these issues. You can not organize
>> freedom.
>
> But you have to.

No, I really mean it whan I say you can't. And you never *have* to do
the impossible, and trying just leads to problems. I realize this is a
matter of attitude, but if the sentence "I want CPAN" means "I want
restrictions and controls and people preventing others from uploading
stuff", then they are misguided.

> What you're saying here means you virtually throw
> away the ability to do anything useful with namespace meta data.

*shrugs* Namespaces has no metadata in Python. They are just
namespaces, no more, no less. The names of your *packages* is
protected on PyPI. But several people can use the same *namespace*.
Ie, nobody can upload a "Twisted" package, except those who have the
permission. But people can upload a "zope.my.own.package", even though
the namespace "zope" is already used by other packages.

> Think about it like this: If you install any module from CPAN (and
> only the valid ones end up in the index), you can use all of them in
> the same application. If module A and B could both implement
> Config::Parser, then you couldn't use both of them at the same time.

This would be true for Python too. But Python doesn't try to pretend
that all the packages that exist are some sort of standard library,
and therefore don't try to put them all into one sort of hierarchical
organized namespace. And to be honest I don't see the point of doing
that.

> Still. We allow for a lot of creative freedom. We just don't want a
> random newbie upload a shiny package "DB" which implements his idea of
> a database interface when it's really the name of the package that
> implements the Perl debugger. He can still upload. The file will be
> accessible in his CPAN directory. Users can install it from the CPAN
> shell as "install NEWBIEUSERID/DB-1.00.tar.gz", but not as "install
> DB" or "$ cpan DB".

I see. But IMO Perl then there starts out with trying to organize
freedom from the start, and that then leads to the above problem that
newbies can come up and mess up this so called organized freedom,
which means you need to restrict it even more by having people control
and restrict the namespaces, etc, etc. You end up having to have more
organisation to fix the problems your organisation caused. This is,
without trying to be rude or anything", the fate of all bureaucracies.

> This is a safeguard against insanity and it's the thing that means
> that you can trust "cpan PAR" to always install the Perl Archive
> Toolkit that was released by Autrijus Tang, Roderich Schupp, or myself
> (we share co-maintenance). It's never going to be some random junk.
> And that you auto-register a namespace on upload is the guarantee.

And obviously on PyPI, it's first come first serve as well. But nobody
would call a db package "db" if one already exists. Why would they do
that? What's the point? Why would I make a completely new package
called "Twisted" for example? There already is one. It's just a
mindset that is completely incomprehensible to me.

I expect what I would call creative freedom, you would call total anarchy.

> PS: Let me comment on another post of yours quickly. No. In the Perl
> community, the name "CPAN" doesn't yield confusion. It's just a way to
> refer to the whole ecosystem

OK, that's not how it sounded in your first post, thanks for clarifying.

-- 
Lennart Regebro: http://regebro.wordpress.com/
Python 3 Porting: http://python-incompatibility.googlecode.com/
+33 661 58 14 64