[Distutils] distlib and wheel metadata

Nick Coghlan ncoghlan at gmail.com
Wed Feb 15 10:48:44 EST 2017

On 15 February 2017 at 15:58, Paul Moore <p.f.moore at gmail.com> wrote:
> On 15 February 2017 at 14:11, Nathaniel Smith <njs at pobox.com> wrote:
>>> It's mainly a matter of incorporating
>>> https://caremad.io/posts/2013/07/setup-vs-requirement/ into the core
>>> data model, as this distinction between abstract development
>>> dependencies and concrete deployment dependencies is incredibly
>>> important for any scenario that involves
>>> publisher-redistributor-consumer chains, but is entirely non-obvious
>>> to folks that are only familiar with the publisher-consumer case that
>>> comes up during development-for-personal-and-open-source-use.
>> Maybe I'm just being dense but, umm. I don't know what any of these
>> words mean :-). I'm not unfamiliar with redistributors; part of my
>> confusion is that this is a concept that AFAIK distro package systems
>> don't have. Maybe it would help if you have a concrete example of a
>> scenario where they would benefit from having this distinction?
> I'm also finding this discussion bafflingly complex. I understand that
> distributions need a way to work with Python packages, but the issues
> involved seem completely divorced from the basic process of a user
> using pip to install a package with the dependencies it needs to work
> in their program.

As simple as I can make it:

* pinning dependencies when publishing to PyPI is presumptively bad
* PyPI itself (not client tools) should warn you that it's a bad idea
* however, there are legitimate use cases for pinning in PyPI packages
* so there should be a way to do it, but it should involve telling
PyPI "I am an integration project, this is OK"

Most people should never touch the "integrates" field, they should
just change "==" to "~=" or ">=" to allow for future releases of their


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Distutils-SIG mailing list