[Python-Dev] Update to Python Documentation Website Request

Nick Coghlan ncoghlan at gmail.com
Thu Jul 23 14:30:34 CEST 2009


david.lyon at preisshare.net wrote:
>> Raising it without at least glancing at the list archives which hold
>> copious amounts of virtual text on that topic is somewhat inappropriate
>> though :)
> 
> Well I have consulted every available expert on the distutils list to the
> point where I feel 'up' with the issues at hand.

If you're actually up to speed with the issues, then I apologise. It was
just something of a novelty to see the topic brought up without
easy_install and setuptools even getting a mention.

However, the reason for the asymmetry has less to do with code
(easy_install exists after all) and more to do with the complexities of
system administration.

Providing a native ability to download and install packages from PyPI is
a major maintenance commitment due to a couple of major issues:

1. Providing an installation mechanism that is compatibility with a wide
variety of package management systems across at least Windows, Mac OS X
and the assorted flavours of *nix (Linux RPM, Linux APT, Solaris, *BSD,
etc, etc).

distutils cops a lot of heat already for not playing nicely with distro
packages. easy_install is loathed even more by many system
administrators (and that loathing often appears to flow over onto other
parts of setuptools).

2. There are some serious security implications in providing a native
mechanism for downloading, installing and running code in a
non-sandboxed environment.

The latter problem is probably the more technical of the two, but both
pose fairly complex social issues as well in terms of getting agreement
across disparate groups.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
---------------------------------------------------------------


More information about the Python-Dev mailing list