[Distutils] Installed Extras Metadata

Paul Moore p.f.moore at gmail.com
Fri Jan 26 10:51:05 EST 2018 

On 26 January 2018 at 15:11, Pradyun Gedam <pradyunsg at gmail.com> wrote:
> Installing a package with extras would not store information about the fact
> that the extras were requested. This means, later, it is not possible to
> know which extra-based optional dependencies of a package have to be
> considered when verifying that the packages are compatible with each other.
> This information is relavant for resolution/validation since without it, it
> is not possible to know which the extra-requirements to care about.
>
> As an example, installing ``requests[security]`` and then uninstalling
> ``PyOpenSSL`` leaves you in a state where you don't really satisfy what was
> asked for but there's no way to detect that either.

1. pip uninstall doesn't check validity, so there's no issue for the uninstall
2. pip check needs this information if it's to complain, and I believe
that's the key point in your question

I think that if we want pip check to validate this situation, we need
to store the data when we install. Where we store it needs to be
decided - I'd assume it would go in the dist-info directory for
requests somewhere, and that's the bit of metadata that needs
agreeing.

Is there any other place where current functionality needs this
information, *apart* from pip check? Are there any proposed additional
features that might need it?

> Thus, obviously, I'm interested in making pip to be able to store this
> information. As I understand, this is done needs to be specified in a PEP
> and/or on PyPUG's specification page.
>
> To that end, here's seeding proposal for the discussion: a new
> `extras-requested.txt` file in the .dist-info directory, storing the extra
> names in a one-per-line format.

Looks OK to me.

But I don't know how important it is to satisfy this use case. I've
never needed this feature (I don't think I've ever used pip check, and
I've very rarely used extras) so I won't comment on that.

Paul

PS I know we talked a bit off-list about this and I said I didn't have
any opinion. I'd misunderstood what you were suggesting a bit, mostly
because the conversation veered off into uninstalling
requests[security] and what that means... So now that you've restated
the issue, I have a bit of an opinion (although still not much :-))

More information about the Distutils-SIG mailing list