[Python-Dev] PEP 376 - Open questions

Eric Smith eric at trueblade.com
Thu Jul 9 04:55:14 CEST 2009 

Steven D'Aprano wrote:
> On Thu, 9 Jul 2009 08:07:21 am Eric Smith wrote:
>> But I think we've veered into metadata that describes what has been
>> installed. I don't think that's so useful. As I've said, this is
>> private to the installers. If 2 installers want to communicate with
>> each other about what they've installed, then they can agree on that
>> data. I just don't find it generally useful for all installers, and
>> therefore not useful for distutils.
> 
> But doesn't this metadata give any two installers a common language to 
> use to communicate, instead of having every pair of installers create 
> their own private communication method?

I really don't get this use case of multiple installers trying to 
install the same package. There's just no way that running "yum install 
twisted" and "apt-get install twisted" and "pip install twisted" are 
going to coexist with each other. The best they can do is say "a file 
I'm trying to install already exists". Why try for anything else?
	
> Personally, I like to be able to look at a package and say "What did 
> that install?" Or contrary-wise, look at a file and say "What package 
> installed that?"

I completely support that. All of the system installers I know of 
support this (at least on Linux; I'm familiar with the msi database 
layout (as exposed by Orca) on Windows, but I've never looked to see if 
they record the results of installing an msi). I just see this as an 
issue within each installer. Why would the installers need to 
communicate this with each other?

> There are few things worse than discovering a bunch of 
> mysterious executable files on your system that you don't remember 
> installing, and then spending a few paranoid hours trying to determine 
> whether you've stumbled across a root kit or virus or whether they have 
> a legitimate reason to be there.

We can't solve the problem of "here's an arbitrary file on the system, 
where did it come from?". There are many, many installers outside of our 
control that might have installed something. Ruby has installers, Perl 
has installers, I'm sure there are hundreds of such installers. The user 
might have even used wget to install something.

More information about the Python-Dev mailing list