[Distutils] PEP 376, the INSTALLER file, and system packages

Donald Stufft donald at stufft.io
Fri Jan 22 14:28:52 EST 2016

> On Jan 22, 2016, at 1:46 PM, Nathaniel Smith <njs at pobox.com> wrote:
> On Jan 22, 2016 10:11 AM, "Donald Stufft" <donald at stufft.io <mailto:donald at stufft.io>> wrote:
> >
> > PEP 376 added a file to the .dist-info directory called "INSTALLER" which was
> > supposed to be:
> >
> >     This option is the name of the tool used to invoke the installation.
> >
> > However, nothing has really ever implemented it and it's gone largely ignored
> > until just recently pip 8.0 started writing the INSTALLER file into the
> > metadata directories with a value of "pip".
> >
> > I'd like to propose adding a special cased value to add to the installer file
> > that will tell projects like pip that this particular installed thing is being
> > managed by someone else, and we should keep our hands off of it. According to
> > PEP 376 the supported values for this file are r"[a-z0-9_-.]", however I think
> > since nobody has ever implemented it, we could expand that so that it so you
> > can also have a special value, of "dpkg (system)" or maybe that's not worth it
> > and we could just have "system" as a special value.
> I think we want more than just "system", because the same user could have some packages managed by dpkg and some by conda, both of which have their own dependency resolution mechanisms that are outside pip's and could get broken if pip removes stuff willy-nilly. And when pip errors out, you want to be able to explain to the user "this package is managed by conda, and using pip on it may break your conda setup..." versus "this package is managed by Debian, and using pip on it may break your Debian setup...".
> (Actually I'm not sure what the status these days is of mixing pip and conda -- they've gotten somewhat better at handling it. Is the proposed behavior in pip when it sees this flag something that distribution maintainers have asked for? Are they present in this thread?)

Yea, that’s why I thought about dpkg (system) or system(Debian) or something. The main reason I can think of for preferring “system” is if we don’t want to change the valid characters for a value in this file. Then you can have system(Debian) and system(Conda) and everything will work just fine.
> > The benefit of doing this, is that with a special value in that file that says
> > "this file belongs to the OS", then pip could start looking for that file and
> > require a --force flag before it modifies any files belonging to that project.
> > Then distributors like Debian, Fedora, etc could simply write out the INSTALLER
> > file with the correct value, and pip would start to respect their files by
> > default.
> I'd like a little more clarity on exactly what circumstances justify setting this flag. If I write a new python package manager, then should I set this flag on all my packages because I don't trust anyone else to get things right? :-)
> Maybe the relevant thing is what I said above, that there is some system tracking these files that is not using the dist-info directory as its source-of-truth about what's installed, dependencies, etc.
> -n

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20160122/3cd580b9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20160122/3cd580b9/attachment.sig>

More information about the Distutils-SIG mailing list