[Distutils] Beyond wheels 1.0: helping downstream, FHS and more

Steve Dower Steve.Dower at microsoft.com
Thu Apr 16 01:48:33 CEST 2015 

On the Start Menu suggestion, I think that's a horrible idea. Pip is not the system package manager and it shouldn't be changing the system. Unversioned script launchers are in the same category, but aren't quite as offensive.

I know it's only a hypothetical, but I'd much rather it didn't get repeated so often that it actually happens. There are better tools for making app installers, as opposed to package installers.

Cheers,
Steve

Top-posted from my Windows Phone
________________________________
From: Paul Moore<mailto:p.f.moore at gmail.com>
Sent: ‎4/‎15/‎2015 17:24
To: Chris Barker<mailto:chris.barker at noaa.gov>
Cc: distutils-sig<mailto:distutils-sig at python.org>
Subject: Re: [Distutils] Beyond wheels 1.0: helping downstream, FHS and more

On 15 April 2015 at 21:40, Chris Barker <chris.barker at noaa.gov> wrote:
> Which brings us back to the "review of extensions" thing -- I think it's
> less about the end user checking it out and making a decision about it, but
> about the package builder doing that. I have a package I want to be easy to
> install on Windows -- so I go look for an extension that does the Start
> Menu, etc. Indeed, that kind of thing "'should" be part of pip and/or wheel,
> but it would probably be more successful if it were done as third party
> extensions -- perhaps over the years, the ones that rise to the top of
> usefulness can become standards.

In the PEP, there's a concept of "optional" vs "required" extensions.
See https://www.python.org/dev/peps/pep-0426/#required-extension-handling.
This is crucial - I've no problem if a particular extension is used by
a project, as long as it's optional. I won't install it, so it's fine.
It seems to me that pip *has* to ignore missing optional extensions,
for this reason. Of course, that introduces the converse problem,
which is how would people who might want that extension to be
activated, know that a project used it?

Critical extensions, on the other hand, are precisely that - the
install won't run without them. I'd hope that critical extensions will
only be used for things where the installation will be useless without
them. But I worry that some people may have a more liberal definition
of "required" than I do. To be honest, I can't think of *anything*
that I'd consider a "required" extension. Console script wrappers
aren't essential, for example (you can use "python -m pip" even if
pip.exe isn't present). More generally, none of the extensions in PEP
459 seem essential, in this sense. Start menu entry writers wouldn't
be essential, nor would COM registration extensions necessarily be
(most of pywin32's functionality works fine if the COM components
aren't registered). Beyond that I'm struggling to think of things that
might be extensions.

So, as long as the "optional" vs "required" distinction is respected,
people are conservative about deeming something as "essential", and a
missing optional extension doesn't stop an install, then I don't see
extensions as being a big issue.

Based on the above, it's possibly valid to allow "required" extensions
to be auto-installed. It *is* a vector for unexpected code execution,
but maybe that's OK.

Paul

PS The idea of a "Start Menu entries" has come up a lot here. To be
clear, I *don't* actually think such a thing is a good idea (far from
it - I think it's a pretty lousy idea) but it is a good example of
something that people think they ought to do, but in practice users
have widely differing views on whet they prefer or will use, and a
developer with limited experience could easily create a dreadful user
experience without meaning to ("developer" here could either mean the
extension developer, or the package developer using the extension -
both have opportunities to make a horrible mess...) So it's a good
straw man for "an extension that some people will love and others will
hate" :-)

PPS I'm inclined to think that the PEP should say "Installation tools
MUST NOT fail if installer_must_handle is set to false for an
extension that the tool cannot process. Installation tools SHOULD NOT
attempt to install plugins or similar optional functionality to handle
an extension with installer_must_handle set to false, except with
explicit approval from the end user."
_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG at python.org
https://mail.python.org/mailman/listinfo/distutils-sig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20150415/03996f43/attachment-0001.html>

More information about the Distutils-SIG mailing list