[Distutils] Removing dependency_links

Nick Coghlan ncoghlan at gmail.com
Sun Oct 27 05:30:24 CET 2013

On 27 October 2013 14:13, Donald Stufft <donald at stufft.io> wrote:
> On Oct 26, 2013, at 11:59 PM, Donald Stufft <donald at stufft.io> wrote:
>> Ok here’s the real list: https://gist.github.com/dstufft/7177500
> Quick note that this list is a list of projects that have *ever* used
> dependency links on PyPI. Some of these projects are no longer
> using them.

Am I correct in thinking that providing a flag to disable them
completely will be enough to get ensurepip to behave itself?

If so, then the bare minimum is to provide such a flag in the bundled
versions of pip and setuptools and have ensurepip use it.

I also think it is reasonable to continue offering a feature like
dependency_links on an opt-in basis for controlled environments (I see
it as analagous to the direct references feature in PEP 440).

That would make the migration look something like:

pip 1.5 (and associated minimum required version of setuptools):
  - add a disable switch for dependency link handling
  - add at least a per-project opt-in for dependency link handling
(and perhaps a global opt-in)
  - deprecate implicit handling of dependency links

pip 1.6:
  - dependency links are disabled by default, must opt-in to process them


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Distutils-SIG mailing list