[Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI

Wes Turner wes.turner at gmail.com
Mon Aug 31 14:52:38 CEST 2015 

Thank you for this description of APT!

* debtorrent adds a bittorrent APT transport (to download packages from
*more than one index*)

I, myself, have always wished that APT had a configuration file schema
(JSON, YAML) and was written in Python.

Dnf 1.1.0 just fixed package download caching... More packaging notes:
https://westurner.org/tools/#packages

I see that you would remove the rel= links, because external traversal and
allow_hosts. -- A somewhat relevant suggestion would be to add schema.org
RDFa to the pages (so search engines can offload the search part) (and
include the install_requires edges in the ./JSON-LD, as well).
On Aug 31, 2015 6:07 AM, "Wichert Akkerman" <wichert at wiggy.net> wrote:

>
> On 31 Aug 2015, at 12:36, Paul Moore <p.f.moore at gmail.com> wrote:
>
> On 31 August 2015 at 10:43, Wichert Akkerman <wichert at wiggy.net> wrote:
>
> I just wanted to add a bit of context, since your statement seemed to
> reflect a slightly different reality than mine. You do bring up a good
> point though. I really like the apt-preferences approach. That allows you
> to define some rules to set which repository should be used. You can do
> things like always prefer a specific repository, or do that only for
> specific packages, with a default rule to use whichever repository has the
> latest version. Very, very useful.
>
>
> There's been a few posts now about how the new system is or is not
> like Linux package management systems. As a Windows user, my view of
> Linux package management is pretty limited. To me it seems like the
> basic approach is, if a package is in the official repo, you can just
> do apt-get install (or yum install) and it works. If the package is
> elsewhere, you need to find out where (usually manually, as far as I
> can see) and then do a bit of config, and then the package is
> available just like standard ones. That's pretty much the same as the
> proposed solution for PyPI/pip.
>
> If there's any additional functionality that Linux systems provide,
> could someone summarise it from an end user POV for me? (And maybe
> also point out why I'd never noticed it as a naive Linux user!) To me,
> that's a key to whether this PEP is missing something important
> relative to those systems.
>
>
> Sure. My knowledge of rpm is 20 years out of date, so I am going to focus
> the deb/dpkg/apt world only. The whole packaging system is build around
> archives. The packaging tools themselves do not have anything hardcoded
> there, they pick up the archive from a configuration file
> (/etc/apt/sources.list). That file lists all archives. For example:
>
> # Hetzner APT-Mirror
> deb http://mirror.hetzner.de/ubuntu/packages trusty main restricted
> universe multiverse
> deb-src http://mirror.hetzner.de/ubuntu/packages trusty main restricted
> universe multiverse
>
> deb http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
>
> deb http://security.ubuntu.com/ubuntu trusty-security main restricted
> deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
>
> There are two things of note here: you can have multiple archive types
> (“deb” and “deb-src” in this case), and different URL types. Besides the
> standard http there is also a cdrom scheme which can mount cdroms, there is
> a tor scheme now, etc. These are pluggable and handled by a binaries in
> /usr/lib/apt/methods/ . When you do an install of a new computer the
> installer will add some default repositories there, generally a local
> mirror and the security archive. https://wiki.debian.org/SourcesList has
> some more detailed information (which is probably not relevant here).
>
> There are some convenient tools available to register extra archives. For
> example add-apt-repository, which allows you to do this:
>
> # add-apt-repository ppa:saltstack/salt
> # add-apt-repository “deb http://nl.archive.ubuntu.com/ubuntu trusty
> universe"
>
>
> This will try to download and configure the correct GPG key to check
> archive signatures as well.
>
> Each archive has an index which lists all its packages with metadata. You
> download these to your system (using “apt-get update” or a GUI), and the
> local copy is used by all other tools. That results in fast searches, and
> solvers having fast access to the complete database of available packages.
>
> When installing a package your normally get the latest version,
> independent of which archive has that version. You can ask the system which
> versions are available:
>
> # apt-cache policy salt-minion
> salt-minion:
>   Installed: 2015.5.3+ds-1trusty1
>   Candidate: 2015.5.3+ds-1trusty1
>   Version table:
>  *** 2015.5.3+ds-1trusty1 0
>         500 http://ppa.launchpad.net/saltstack/salt/ubuntu/ trusty/main
> amd64 Packages
>         100 /var/lib/dpkg/status
>      0.17.5+ds-1 0
>         500 http://mirror.hetzner.de/ubuntu/packages/ trusty/universe
> amd64 Packages
>         500 http://de.archive.ubuntu.com/ubuntu/ trusty/universe amd64
> Packages
>
> In this case there are two versions available: 2015.5.3+ds-1trusty1 is
> currently installed and came from a ppa, and 0.17.5+ds-1 which is available
> from two mirrors.
>
> This can result in somewhat interesting behaviour when multiple archives
> have the same packages and are updated independently. To handle that you
> can define preferences to tell the system how you want to handle that. For
> example if you want salt to always be installed from the ppa you can define
> this preference:
>
> Package: salt*
> Pin: origin “LP-PPA-saltstack-salt”
> Pin-Priority: 900
>
>
> This makes sure packages from the salt ppa have a higher priority, so they
> are always preferred. You can also use this to make an  archive of
> backports available on your system, but only track a few specific packages
> from there. There are more options available there; see
> https://wiki.debian.org/AptPreferences and
> https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_tweaking_candidate_version for
> more information.
>
> Wichert.
>
>
>
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20150831/3c01f5ac/attachment.html>

More information about the Distutils-SIG mailing list