anatoly techtonik | 13 Jun 13:55 2012
Picon

Dependencies

I need to build Fabric RPM package for Fedora. I use py2pack to
generate .spec file, which in turn uses PyPI information for it. The
problem that PyPI completely misses information about dependencies. Is
that intentional, broken or just not implemented? Any previous
discussions/outcomes?

http://pypi.python.org/pypi/Fabric/json - here should be a reference
to ssh package dependency which is present in setup.py as:
    install_requires=['ssh>=1.7.14'],

P.S. My patch queue is still awaiting review comments at this changeset
        https://bitbucket.org/techtonik/pypi-techtonik/changeset/5396f8c60d49#comments
--
anatoly t.
Donald Stufft | 13 Jun 14:20 2012
Picon

Re: Dependencies

setuptools is a non standard addition to Python packaging which
is impossible to safely extract requirements in a 100% generic
way.

Distutils2 / metadata 1.2 includes a safe, good way to specify
requirements similar to setup tools but it's not ready for primetime yet.

On Wednesday, June 13, 2012 at 7:55 AM, anatoly techtonik wrote:

I need to build Fabric RPM package for Fedora. I use py2pack to
generate .spec file, which in turn uses PyPI information for it. The
problem that PyPI completely misses information about dependencies. Is
that intentional, broken or just not implemented? Any previous
discussions/outcomes?

http://pypi.python.org/pypi/Fabric/json - here should be a reference
to ssh package dependency which is present in setup.py as:
install_requires=['ssh>=1.7.14'],


P.S. My patch queue is still awaiting review comments at this changeset
--
anatoly t.
_______________________________________________
Catalog-SIG mailing list

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG <at> python.org
http://mail.python.org/mailman/listinfo/catalog-sig
anatoly techtonik | 13 Jun 14:48 2012
Picon

Re: Dependencies

Thanks for the explanation, but it doesn't directly answer my question.
Why PyPI doesn't include dependency information?

On Wed, Jun 13, 2012 at 3:20 PM, Donald Stufft <donald.stufft <at> gmail.com> wrote:
> setuptools is a non standard addition to Python packaging which
> is impossible to safely extract requirements in a 100% generic
> way.
>
> Distutils2 / metadata 1.2 includes a safe, good way to specify
> requirements similar to setup tools but it's not ready for primetime yet.
>
> On Wednesday, June 13, 2012 at 7:55 AM, anatoly techtonik wrote:
>
> I need to build Fabric RPM package for Fedora. I use py2pack to
> generate .spec file, which in turn uses PyPI information for it. The
> problem that PyPI completely misses information about dependencies. Is
> that intentional, broken or just not implemented? Any previous
> discussions/outcomes?
>
> http://pypi.python.org/pypi/Fabric/json - here should be a reference
> to ssh package dependency which is present in setup.py as:
> install_requires=['ssh>=1.7.14'],
>
>
> P.S. My patch queue is still awaiting review comments at this changeset
> https://bitbucket.org/techtonik/pypi-techtonik/changeset/5396f8c60d49#comments
> --
> anatoly t.
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG <at> python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
>
anatoly techtonik | 13 Jun 15:20 2012
Picon

Re: Dependencies

I mean - PyPI is an external project. It is not a part of
client/server packaging suite, so why should it depend on whenever
some functionality is landed into setuptools, distutils or other
stuff? I'll be pretty comfortable with setting dependencies manually
for a while.

On Wed, Jun 13, 2012 at 3:48 PM, anatoly techtonik <techtonik <at> gmail.com> wrote:
> Thanks for the explanation, but it doesn't directly answer my question.
> Why PyPI doesn't include dependency information?
>
> On Wed, Jun 13, 2012 at 3:20 PM, Donald Stufft <donald.stufft <at> gmail.com> wrote:
>> setuptools is a non standard addition to Python packaging which
>> is impossible to safely extract requirements in a 100% generic
>> way.
>>
>> Distutils2 / metadata 1.2 includes a safe, good way to specify
>> requirements similar to setup tools but it's not ready for primetime yet.
>>
>> On Wednesday, June 13, 2012 at 7:55 AM, anatoly techtonik wrote:
>>
>> I need to build Fabric RPM package for Fedora. I use py2pack to
>> generate .spec file, which in turn uses PyPI information for it. The
>> problem that PyPI completely misses information about dependencies. Is
>> that intentional, broken or just not implemented? Any previous
>> discussions/outcomes?
>>
>> http://pypi.python.org/pypi/Fabric/json - here should be a reference
>> to ssh package dependency which is present in setup.py as:
>> install_requires=['ssh>=1.7.14'],
>>
>>
>> P.S. My patch queue is still awaiting review comments at this changeset
>> https://bitbucket.org/techtonik/pypi-techtonik/changeset/5396f8c60d49#comments
>> --
>> anatoly t.
>> _______________________________________________
>> Catalog-SIG mailing list
>> Catalog-SIG <at> python.org
>> http://mail.python.org/mailman/listinfo/catalog-sig
>>
>>
martin | 13 Jun 18:47 2012
Picon

Re: Dependencies


Zitat von anatoly techtonik <techtonik <at> gmail.com>:

> I need to build Fabric RPM package for Fedora. I use py2pack to
> generate .spec file, which in turn uses PyPI information for it. The
> problem that PyPI completely misses information about dependencies. Is
> that intentional, broken or just not implemented?

It's intentional.

> Any previous discussions/outcomes?

Yes. Search the archives of the previous years. The outcome is that you
shall use PEP 345.

Regards,
Martin
Donald Stufft | 15 Jun 20:36 2012
Picon

Re: Dependencies

On Friday, June 15, 2012 at 12:41 PM, Chris Withers wrote:
On 13/06/2012 13:20, Donald Stufft wrote:
setuptools is a non standard addition to Python packaging which
is impossible to safely extract requirements in a 100% generic
way.

I would argue setuptools is the de facto python packaging dependency
specification, which PyPI should support as a result.
I've started doing work on this front for Crate, but it really isn't possible
to cover all the bases trying to get setuptools dependencies. I've sort of
decided to attempt to cover as much of it as I reasonably and safely can
and just mark them as setup tools dependencies (vs distutils2/packaging which
can be sorted out 100%).

Distutils2 / metadata 1.2 includes a safe, good way to specify
requirements similar to setup tools but it's not ready for primetime yet.

...except that only a fraction of packagers even know what these are,
let alone use them...

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG <at> python.org
http://mail.python.org/mailman/listinfo/catalog-sig
Chris Withers | 15 Jun 18:41 2012

Re: Dependencies

On 13/06/2012 13:20, Donald Stufft wrote:
> setuptools is a non standard addition to Python packaging which
> is impossible to safely extract requirements in a 100% generic
> way.

I would argue setuptools is the de facto python packaging dependency 
specification, which PyPI should support as a result.

> Distutils2 / metadata 1.2 includes a safe, good way to specify
> requirements similar to setup tools but it's not ready for primetime yet.

...except that only a fraction of packagers even know what these are, 
let alone use them...

Chris

--

-- 
Simplistix - Content Management, Batch Processing & Python Consulting
             - http://www.simplistix.co.uk
Richard Jones | 16 Jun 05:01 2012
Picon

Re: Dependencies

"impossible to safely extract requirements in a 100% generic way."

It has nothing to do with it being the de facto standard and everything to do with executing untrusted code on pydotorg systems with no guarantee that we'll even get the setup.py to work in our environment anyway.

Sent from my portable device, please excuse the brevity.

On Jun 16, 2012 2:41 AM, "Chris Withers" <chris <at> python.org> wrote:
On 13/06/2012 13:20, Donald Stufft wrote:
setuptools is a non standard addition to Python packaging which
is impossible to safely extract requirements in a 100% generic
way.

I would argue setuptools is the de facto python packaging dependency specification, which PyPI should support as a result.

Distutils2 / metadata 1.2 includes a safe, good way to specify
requirements similar to setup tools but it's not ready for primetime yet.

...except that only a fraction of packagers even know what these are, let alone use them...

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
           - http://www.simplistix.co.uk
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG <at> python.org
http://mail.python.org/mailman/listinfo/catalog-sig
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG <at> python.org
http://mail.python.org/mailman/listinfo/catalog-sig
"Martin v. Löwis" | 16 Jun 08:41 2012
Picon

Re: Dependencies

On 15.06.2012 18:41, Chris Withers wrote:
> On 13/06/2012 13:20, Donald Stufft wrote:
>> setuptools is a non standard addition to Python packaging which
>> is impossible to safely extract requirements in a 100% generic
>> way.
> 
> I would argue setuptools is the de facto python packaging dependency
> specification, which PyPI should support as a result.

I tried to implement it once, and it was shot down by catalog-sig.

Regards,
Martin
"Martin v. Löwis" | 16 Jun 08:42 2012
Picon

Re: Dependencies

On 16.06.2012 05:01, Richard Jones wrote:
> "impossible to safely extract requirements in a 100% generic way."
> 
> It has nothing to do with it being the de facto standard and everything
> to do with executing untrusted code on pydotorg systems with no
> guarantee that we'll even get the setup.py to work in our environment
> anyway.

Of course, it would be possible to extract the information in a safe way
from packages for which pre-built distributions have been uploaded.

Regards,
Martin

Gmane