[Distutils] PEP440 Version Specifier Syntax

Donald Stufft donald at stufft.io
Mon May 19 15:43:49 CEST 2014 

Currently PEP440 has a version specifier syntax like
``foo (2,~=2,==2,!=2,>=2,<=2,>2,<2)``. This is a hold over from PEP 345 of
which I cannot locate a rationale for this change.

I believe that we should revert this syntax back to the setuptools style of
``foo~=2,==2,!=2,>=2,<=2,>2,<2``. This change represents a backwards
incompatible change to how dependencies are specified for dubious benefits.

* It requires that users learn a new syntax for little/no benefit to them.
* It requires the use of quoting if you use this syntax on the shell.

We are depending on the space + parentheses in order to enable:

* A default comparison operator. This is ~= if the leading version is < 1980
  or >= if the leading version is >= 1980.
* The direct reference syntax, which is ``foo (from https://...)``.

On these, I think that we should also remove the default comparison idea. It
originally started out as a shorthand for ~= but it was realized that this is
going to do wrong thing for date base releases so it was later changed so that
it does ~= or >= depending on the leading version. However it's still going to
do the wrong thing for a wide variety of projects. The current selector for
which you get (~= or >=) is based off of the leading version, however there are
a lot of projects which this detection simply won't work for. One instance of
a project where it won't is Twisted which has date based releases but instead
of using 2014.0 they do 14.0.

While we could mandate to Twisted (and anyone else) that if they want to do
date based they need to use YYYY and not YY as their leading version, it'll
still do the wrong thing for any rolling release which does not use a date
based release scheme. For instance a scheme that simply does an incrementing
version counter.

I think that the default operator is born out of an attempt to be prescriptive
about what meanings people put in their versions. I believe that the inability
to provide a default that is always going to be correct with all sane schemes
points to the idea that guessing in the face of ambiguity is still a bad idea
and we should just require that people be explicit.

If we assume that we're going to ditch the default comparison operator the only
thing left that _requires_ the ``foo (==2.0)`` syntax is the direct reference
syntax (``foo (from https://...)``). For this I think the downsides of the new
syntax outweigh the minor benefits in syntax. I would suggest that we just
define an operator that means direct reference. Something like
``foo at https://...`` could be reasonable and even has a decent verbal
representation in the form of "foo at https://...". This does have the downside
that it might be somewhat confusing if there is an "@" in the URL we are
referencing.

So what do people think? Drop the default comparison operator idea? Drop the
new syntax and continue using the old?

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140519/d8e87732/attachment.sig>

More information about the Distutils-SIG mailing list