eggs considered harmful
robert.kern at gmail.com
Fri Jun 22 01:36:55 CEST 2007
Harry George wrote:
> ...at least around here.
> I run a corporate Open Source Software Toolkit, which makes hundreds
> of libraries and apps available to thousands of technical employees.
> The rules are that a) a very few authorized downloaders obtain
> tarballs and put them in a depot and b) other users get tarballs from
> the depot and build from source.
> Historically, python packages played well in this context. Install
> was a simple download, untar, setup.py build/install.
> Eggs and with other setuptools-inspired install processes break this
> paradigm. The tarballs are incomplete in the first place. The builds
> sometimes wander off to the internet looking for more downloads. The
> installs sometimes wander off to the internet looking for
> compatibility conditions. (Or rather they try to do so and fail
> because I don't let themn through the firewall.)
Have you considered establishing a policy that these setuptools-using packages
should be installed using the --single-version-externally-managed option to the
install command? This does not check for dependencies.
Alternately, you can provide a company repository of the tarballs and their
depedencies tarballs. Your users can use the easy_install option --find-links to
point to that URL such that they do not have to go outside of the firewall to
> These are unacceptable behaviors. I am therefore dropping ZODB3, and
> am considering dropping TurboGears and ZSI. If the egg paradigm
> spreads, yet more packages will be dropped (or will never get a chance
> to compete for addition).
I'm sorry to hear that.
> I've asked before, and I'll ask again: If you are doing a Python
> project, please make a self-sufficient tarball available as well. You
> can have dependencies, as long as they are documented and can be
> obtained by separate manual download.
Given the options I outlined above, you can easily satisfy these requirements
for the vast majority of setuptools-using packages that are out there. There are
a handful of packages that only distribute the eggs and not the source tarballs,
but those are rare.
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Python-list