[Distutils] PEP440: foo-X.Y.Z does not satisfy "foo>X.Y"?

Donald Stufft donald at stufft.io
Mon Dec 22 21:33:55 CET 2014 

> On Dec 22, 2014, at 3:20 PM, Marcus Smith <qwcode at gmail.com> wrote:
> 
> In PEP440,  foo-X.Y.Z does not satisfy the specifier  "foo>X.Y" (although it satisfies "foo>=X.Y")
> 
> for example,  foo-1.7.2 will not satisfy  "foo>1.7", but it will satisfy "foo>=1.7"
> 
> for '>' and '<', PEP440 states that they are "interpreted as implying the prefix based version exclusion clause != V.*"
> 
> the rationale from Donald for this is explained here:  https://bitbucket.org/pypa/setuptools/issue/301/101-in-requirementparse-foo-10-results <https://bitbucket.org/pypa/setuptools/issue/301/101-in-requirementparse-foo-10-results>
> 
> in brief, this was done to avoid pre-releases (i.e. something like "foo-1.7a1") satisfying "foo<1.7".   
> 
> It seems to me we've just traded one confusion for another, and this seems worse (to me at least, although I'm trying to let it sink in)
> 
> 1.7.2 is greater than 1.7, and the specifiers should honor that.  It's hard to accept otherwise.
> 
> Yes, it's true in the past, when people would get a pre-release installed (for example 1.7a1), when they really wanted something in the 1.6.X series, that was also confusing.  But now that pip now excludes pre-releases by default, it seems that confusion is mostly solved practically speaking, so why solve it (and create a new confusion)?
> 

It’s true that pip doesn’t install pre-releases by default (assuming there is any final releases available), but that doesn’t actually solve the underlying problem - it just masks it. When people put ``foo<8`` in their install_requires they generally do not expect to get ``8.0.dev0``, and in my opinion, they shouldn’t get ``8.0.dev0`` even if someone uses —pre.

In a way, we have replaced one confusion for another, although I do not believe it to be that bad and I believe that the current situation is better because:

* In my searches of github and my experience, use of the > instead of >= is fairly limited, meanwhile use of < to mean how it’s interpreted now is far more common.
* The new behavior maintains consistency between < and >, so that specifiers that “look” the same act the same, maintaining consistency between them.
* I think that having the > and < behavior vary is a *worse* confusion, and I believe that the behavior of < is far better than previous.

In particular, <, >, ~=, and, when using a .*, the != and == use the number of dots in the given specifier to indicate the precision of the specifier.

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20141222/0b52f5fb/attachment.html>

More information about the Distutils-SIG mailing list