[Distutils] draft PEP: manylinux1
Nate Coraor
nate at bx.psu.edu
Fri Jan 29 14:30:16 EST 2016
On Fri, Jan 22, 2016 at 5:42 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 22 January 2016 at 19:33, M.-A. Lemburg <mal at egenix.com> wrote:
> > For example, if a package needs a specific version of libpng,
> > the package author can document this and the user can then make
> > sure to install that particular version.
>
> The assumption that any given Python user will know how to do this is
> not a reasonable assumption in 2016.
>
> If a publisher wants to bundle a particular version of libpng, they
> can. If (as is also entirely reasonable) they don't want to assume the
> associated responsibilities for responding to CVEs, then they can
> stick with source distributions, or target more specific Linux
> versions (as previously discussed in the context of Nate Coraor's
> Starforge work)
>
I wonder if, in relation to this, it may be best to have two separate tags:
one to indicate that the wheel includes external libraries rolled in to it,
and one to indicate that it doesn't. That way, a user can make a conscious
decision as to whether they want to install any wheels that could include
libraries that won't be maintained by the distribution package manager.
That way if we end up in a future world where manylinux wheels and
distro-specific wheels (that may depend on non-default distro packages)
live in PyPI together, there'd be a way to indicate a preference.
--nate
>
> Regards,
> Nick.
>
> --
> Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
> _______________________________________________
> Distutils-SIG maillist - Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20160129/c21a2d95/attachment.html>
More information about the Distutils-SIG
mailing list