[Distutils] Removing dependency_links
holger krekel
holger at merlinux.eu
Sun Oct 27 06:07:19 CET 2013
On Sun, Oct 27, 2013 at 14:30 +1000, Nick Coghlan wrote:
> On 27 October 2013 14:13, Donald Stufft <donald at stufft.io> wrote:
> >
> > On Oct 26, 2013, at 11:59 PM, Donald Stufft <donald at stufft.io> wrote:
> >
> >> Ok here’s the real list: https://gist.github.com/dstufft/7177500
> >
> > Quick note that this list is a list of projects that have *ever* used
> > dependency links on PyPI. Some of these projects are no longer
> > using them.
>
> Am I correct in thinking that providing a flag to disable them
> completely will be enough to get ensurepip to behave itself?
>
> If so, then the bare minimum is to provide such a flag in the bundled
> versions of pip and setuptools and have ensurepip use it.
>
> I also think it is reasonable to continue offering a feature like
> dependency_links on an opt-in basis for controlled environments (I see
> it as analagous to the direct references feature in PEP 440).
>
> That would make the migration look something like:
>
> pip 1.5 (and associated minimum required version of setuptools):
> - add a disable switch for dependency link handling
> - add at least a per-project opt-in for dependency link handling
> (and perhaps a global opt-in)
> - deprecate implicit handling of dependency links
>
> pip 1.6:
> - dependency links are disabled by default, must opt-in to process them
So 400 projects out of 35000 ever used dependency links.
I checked three random ones:
- flask-mongorest: does not use it anymore
- Pylons: deplink goes to 502 page, and has the latest release on pypi.
- OpenCoreRedirect: one of out three deplinks work but goes to a page
that doesn't appear to be one. Latest release is 0.5.1, available
on pypi Project, four years old.
Judging from this little sample: if a questionable feature is used by
<1% of projects and even they likely to not work/don't rely on it
anymore, i don't think we should spend or make Donald spend much efforts
on it. Rather do the supposed 1.6 change for 1.5 already.
Note that I was the guy publically pressing for backward-compat but
that was for the introduction of "--pre" which broke many usages. This
does not start to compare to this change here. Also pip-1.5 would
cleanly bail out and tell what to do whereas the need for "--pre" was
more implicit as people could get the wrong version suddenly without
noticing/understanding.
best,
holger
More information about the Distutils-SIG
mailing list