[Distutils] Different purposes for Setuptools requirements versus Pip requirements (was: Maintaining a curated set of Python packages)
Ben Finney
ben+python at benfinney.id.au
Thu Dec 8 22:41:53 EST 2016
Jeremy Stanley <fungi at yuggoth.org> writes:
> [the ‘pbr’ library] does allow you to basically abstract away most
> common configuration into declarative setup.cfg and requirements.txt
> files
Hmm. That description sounds like a mistaken conflation of two things
that should be distinct:
* Declaration in Setuptools metadata of what versions of dependencies
this distribution is *compatible with*.
This purpose is served by Distutils ‘install_requires’ (and
‘test_requires’, etc.). It is characterised by specifying a range of
versions for each dependency, for allowing dependency resolvers to
have options to choose from.
foo >=1.2, <3.0
* Declaration in Pip metadata for what *exact version* of each
dependency I want to deploy.
This purpose is served by Pip ‘requires.txt’ input. It is
characterised by pinning a *single* version of each dependency, for a
deterministic, repeatable deployment.
foo == 1.4.7
If we're saying ‘pbr’ encourages the use of a single set of declarations
for those quite different purposes, that sounds like an attractive
nuisance.
For those who haven't read it, see this post from Donald Stufft for why
those purposes need to be kept distinct:
There’s a lot of misunderstanding between setup.py and
requirements.txt and their roles. A lot of people have felt they are
duplicated information and have even created tools to handle this
“duplication”.
<URL:https://caremad.io/posts/2013/07/setup-vs-requirement/>
--
\ “Corporation, n. An ingenious device for obtaining individual |
`\ profit without individual responsibility.” —Ambrose Bierce, |
_o__) _The Devil's Dictionary_, 1906 |
Ben Finney
More information about the Distutils-SIG
mailing list