eggs considered harmful

Robert Kern robert.kern at
Fri Jun 22 01:36:55 CEST 2007

Harry George wrote:
> least around here.
> I run a corporate Open Source Software Toolkit, which makes hundreds
> of libraries and apps available to thousands of technical employees.
> The rules are that a) a very few authorized downloaders obtain
> tarballs and put them in a depot and b) other users get tarballs from
> the depot and build from source.
> Historically, python packages played well in this context.  Install
> was a simple download, untar, build/install.
> Eggs and with other setuptools-inspired install processes break this
> paradigm.  The tarballs are incomplete in the first place.  The builds
> sometimes wander off to the internet looking for more downloads.  The
> installs sometimes wander off to the internet looking for
> compatibility conditions.  (Or rather they try to do so and fail
> because I don't let themn through the firewall.)

Have you considered establishing a policy that these setuptools-using packages
should be installed using the --single-version-externally-managed option to the
install command? This does not check for dependencies.

Alternately, you can provide a company repository of the tarballs and their
depedencies tarballs. Your users can use the easy_install option --find-links to
point to that URL such that they do not have to go outside of the firewall to
install everything.

> These are unacceptable behaviors.  I am therefore dropping ZODB3, and
> am considering dropping TurboGears and ZSI.  If the egg paradigm
> spreads, yet more packages will be dropped (or will never get a chance
> to compete for addition).

I'm sorry to hear that.

> I've asked before, and I'll ask again: If you are doing a Python
> project, please make a self-sufficient tarball available as well.  You
> can have dependencies, as long as they are documented and can be
> obtained by separate manual download. 

Given the options I outlined above, you can easily satisfy these requirements
for the vast majority of setuptools-using packages that are out there. There are
a handful of packages that only distribute the eggs and not the source tarballs,
but those are rare.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
 that is made terrible by our own mad attempt to interpret it as though it had
 an underlying truth."
  -- Umberto Eco

More information about the Python-list mailing list