[Distutils] .egg-info metadata
PJ Eby
pje at telecommunity.com
Fri Sep 21 18:52:17 CEST 2012
On Fri, Sep 21, 2012 at 11:04 AM, Brett Cannon <brett at python.org> wrote:
> Agreed. While I might have a suggestion to grab some project from some place
> on e.g. bitbucket,
This might've been buried in the thread, but that's *precisely* what
dependency links are: a *suggestion* as to where a *normally declared
dependency* can be filled.
Tools have the option to consume these suggestions, or not. And
easy_install *only* uses these suggestions after all other available
options for finding the dependency have been exhausted. (E.g. PyPI,
already-installed packages, links or indexes supplied on the command
line, etc.)
So there are two ways to block the use of dependency links:
1. Host restrictions (which can come from the command-line, personal
config, or site config)
2. Alternate indexes or command-line overrides for dependency links
(also configurable in the above-mentioned places) that satisfy all the
needed dependencies (so that easy_install doesn't bother with the
suggested links)
And you can easily combine the two, even if you're not the NSA. ;-)
(You can also ask easy_install not to install dependencies at all, and
handle it all yourself.)
My point here, btw, isn't to advocate for the exact implementation of
dependency links; I just want to make sure everybody knows what they
*are*, because AFAICT there has been some huge misunderstanding and
FUD going on in this thread, and people making judgments based on
amplifying other people's misinterpretations of other people's
misunderstandings.
More information about the Distutils-SIG
mailing list