[Distutils] Removing dependency_links

Donald Stufft donald at stufft.io
Sun Oct 27 05:35:03 CET 2013

On Oct 27, 2013, at 12:30 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> On 27 October 2013 14:13, Donald Stufft <donald at stufft.io> wrote:
>> On Oct 26, 2013, at 11:59 PM, Donald Stufft <donald at stufft.io> wrote:
>>> Ok here’s the real list: https://gist.github.com/dstufft/7177500
>> Quick note that this list is a list of projects that have *ever* used
>> dependency links on PyPI. Some of these projects are no longer
>> using them.
> Am I correct in thinking that providing a flag to disable them
> completely will be enough to get ensurepip to behave itself?
> If so, then the bare minimum is to provide such a flag in the bundled
> versions of pip and setuptools and have ensurepip use it.

Yes, it only needs to exist in pip as well, it does not need to exist
in setuptools for ensurepip’s purposes.

> I also think it is reasonable to continue offering a feature like
> dependency_links on an opt-in basis for controlled environments (I see
> it as analagous to the direct references feature in PEP 440).
> That would make the migration look something like:
> pip 1.5 (and associated minimum required version of setuptools):
>  - add a disable switch for dependency link handling
>  - add at least a per-project opt-in for dependency link handling
> (and perhaps a global opt-in)
>  - deprecate implicit handling of dependency links
> pip 1.6:
>  - dependency links are disabled by default, must opt-in to process them
> Cheers,
> Nick.

What if pip 1.5 added a —no-dependency-links flag, and then pip 1.6 ignored
them by default but if a package cannot be installed it would print something

The package {foo} was unable to be found which was depended on by {bar},
{bar} has suggested some additional links for locating dependencies, you
can use any of them by using the —find-links flag such as pip install —find-links <url>.

The suggested urls are:

This allows users to opt in on a per url basis (and under the covers the implementation
would be the same, dependency links just get added to find-links) without adding
yet another flag.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20131027/c7473d3d/attachment.sig>

More information about the Distutils-SIG mailing list