[Distutils] One Package Per Project
tseaver at palladion.com
Fri May 1 16:49:43 CEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Brandon Craig Rhodes wrote:
> I think that, going forward, Python packaging tools (not installation
> tools; they should remain as they are, for backwards compatibility)
> should move to supporting only One Package Per Project. And, each
> project should have the same name as the package inside. In the future,
> people should have to download an old copy of distutils deliberately if
> they want to build projects with several packages inside; we should stop
> releasing tools that support or encourage it.
> 1. It is easier on developers who want to "import escher" to know that
> they can simply list "escher" as a dependency instead of having to
> guess whether it's "Escher" or "EscherProject" or whether it's part
> of a larger "lithographers" project or whether, heaven forbid, the
> author decided to redundantly call the project "pyescher".
> 2. This practice would make PyPI's name make actual sense. It actually
> claims to be (you can check the site!) the "Python *Package* Index"
> whereas in fact it's currently nothing of the sort! It's really an
> index of "projects" that might have zero, one, or several packages
> inside of them. We should move all projects towards the good
> behavior of the ones that already name themselves after the single
> package that they contain.
> 3. I think the whole idea of putting several packages in a project was
> useful back when dependencies didn't exist. It made sense, in
> ancient days, for "ZODB" to include "transaction" because there was
> no other way to make sure they got installed together. But now that
> dependencies are possible, there is no longer a need for multiple-
> package project that outweights the costs involved.
> 4. The current scheme makes it impossible to choose a "safe" package
> name when creating and registering a new package. Just because
> there's no "escher" *project* when you look at PyPI doesn't mean
> that some project doesn't have an "escher" package hidden inside.
> You could choose a package name, distribute your product, and only
> find out later that your users cannot install both your pr-duct and
> another product simultaneously because the other product was, in
> fact, already using that package name but without your knowing it.
- -1. Infeasible, AFAICT, even if I agreed with the goals:
- - While trying out new bits of software, the developer is already going
to know the PyPI name: that is how she found the package in the first
place (most likely).
- - There are scores of "projects" extant whose names don't match the
single, top-level package they contain, and will be for the
- - There are a number of "projects" which don't ship any top-level
package at all, but contain one or more modules.
- - "Bundling" packages together might actually happen more often in
the future (e.g., to ease installation onto the GAE, or to solve
other deployment problems (e.g., needing to install without network
- - Namespace packages were invented to reduce the problem you raise in #4
to competition for the top-level name only. Because those names are
usually about "identity" of the releasing organization, rather than
functionality of the software being released, it has, in fact, worked.
Current status which affects some of your concerns:
- - PEP 314 added a 'Provides' field to PKG-INFO; that field is supposed
to name modules and packages included. That PEP also added 'Requires'
and 'Obsoletes' fields, which are mostly unused. This information is
available on a per-package basis from PyPI at the moment, but see
- - PEP 345 will add 'Provides-Dist', 'Requires-Dist', and
'Obsoletes-Dist' fields to PKG-INFO, where the values are going to be
"project" names and versions.
- - We expect to be able to build index files which can be downloaded
(e.g., from PyPI or another index) which will make it easier to find
and resolve dependency graphs a priori,. This file will be similar to
the index files which yum and apt download from indexes, and could
support queries like those done by 'apt-cache query' or 'yum search',
which should make it easier to find the projects which 'Provide' a
given package name, as well
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Distutils-SIG