[Distutils] Removing dependency_links

holger krekel holger at merlinux.eu
Sun Oct 27 06:07:19 CET 2013 

On Sun, Oct 27, 2013 at 14:30 +1000, Nick Coghlan wrote:
> On 27 October 2013 14:13, Donald Stufft <donald at stufft.io> wrote:
> >
> > On Oct 26, 2013, at 11:59 PM, Donald Stufft <donald at stufft.io> wrote:
> >
> >> Ok here’s the real list: https://gist.github.com/dstufft/7177500
> >
> > Quick note that this list is a list of projects that have *ever* used
> > dependency links on PyPI. Some of these projects are no longer
> > using them.
> 
> Am I correct in thinking that providing a flag to disable them
> completely will be enough to get ensurepip to behave itself?
> 
> If so, then the bare minimum is to provide such a flag in the bundled
> versions of pip and setuptools and have ensurepip use it.
> 
> I also think it is reasonable to continue offering a feature like
> dependency_links on an opt-in basis for controlled environments (I see
> it as analagous to the direct references feature in PEP 440).
> 
> That would make the migration look something like:
> 
> pip 1.5 (and associated minimum required version of setuptools):
>   - add a disable switch for dependency link handling
>   - add at least a per-project opt-in for dependency link handling
> (and perhaps a global opt-in)
>   - deprecate implicit handling of dependency links
> 
> pip 1.6:
>   - dependency links are disabled by default, must opt-in to process them

So 400 projects out of 35000 ever used dependency links.
I checked three random ones:

- flask-mongorest: does not use it anymore
- Pylons: deplink goes to 502 page, and has the latest release on pypi.
- OpenCoreRedirect: one of out three deplinks work but goes to a page 
  that doesn't appear to be one.  Latest release is 0.5.1, available
  on pypi Project, four years old.

Judging from this little sample: if a questionable feature is used by
<1% of projects and even they likely to not work/don't rely on it
anymore, i don't think we should spend or make Donald spend much efforts
on it.  Rather do the supposed 1.6 change for 1.5 already.

Note that I was the guy publically pressing for backward-compat but 
that was for the introduction of "--pre" which broke many usages.  This
does not start to compare to this change here.  Also pip-1.5 would
cleanly bail out and tell what to do whereas the need for "--pre" was
more implicit as people could get the wrong version suddenly without
noticing/understanding.

best,
holger

More information about the Distutils-SIG mailing list