[Distutils] flip the pip dependencies (was Current status of PEP 439)

Donald Stufft donald at stufft.io
Sat Jul 13 21:50:01 CEST 2013

On Jul 13, 2013, at 3:35 PM, Marcus Smith <qwcode at gmail.com> wrote:

> As you're aware I think it makes the most sense to just bundle setuptools wholesale. This makes it impossible to "break" pip by something going wrong in setuptools causing it to be uninstalled and means that for users who are only doing installs, they don't need setuptools installed just pip.
> I'm a fan of bundling too (if it works), but the "dynamic install of setuptools" idea also offers what you mention, although admittedly with more fragility.   If a user uninstalled setuptools, it would be installed again when needed,  and users only need pip to get started, and don't have to think about the setuptools dependency themselves.   
> The drawbacks of bundling setuptools:
> 1) maybe some weird bug/side-effect shows up after we do it (ok, maybe that's FUD)
> 2) users can't upgrade themselves (for use in pip)
> 3) more tedium in our release process.
> 4) feels odd to bundle it knowing we'd likely drop it later, if we do the MEBs thing.
> Marcus

1) That's kinda FUD-y yea ;) But I'd say it's equally as likely to have weird bugs/side effects due to people using different combinations of pip/setuptools with pip than we've tested.

2) This much is true, the question then becomes how important is that? If there's a major regression in setuptools that needs fixed I'd think we'd release an updated pip. If there's new functionality I would guess we'd need to expose that in pip anyways.

3) I think this isn't as big of a deal as it sounds. Especially given we can write tooling to make it simpler :)

4) Even if MEBs were here *right now* we'd still have nearly 150k source dists that required setuptools. So either in the MEB system we'd be grabbing setuptools *a lot* or we could just bundle it to provide a better UX for people using the large corpus of existing software. I think it will be a long time once the MEBs exist before they gain enough traction that even the bulk of installs are using that system. MEBs depend on sdist 2.0 which hasn't even been started yet ;)

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130713/e416b1e5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130713/e416b1e5/attachment.pgp>

More information about the Distutils-SIG mailing list