At 01:52 PM 11/25/2005 +0100, Josselin Mouette wrote:
It could do it by simply trying to import the module.
Python's import mechanism is fragile in the presence of failed imports that aren't explicitly trapped, and in Python 2.3 it's even more fragile because only the *first* attempt to import a module that has a missing dependency will fail; subsequent imports of that module will return a broken module. Diagnosing such problems is non-trivial.
> 2) check if it can find this dep like setuptools does today (installing them> as eggs somewhere in the user's home) I consider this as a security risk. I hope this can be disabled by default.
It *is*. You have to explicitly run easy_install or setup.py to get any installation of any software, or use an explicit application feature like Trac's "upload a plugin" facility. And I don't agree with Vincenzo's proposal to make easy_install run apt-get in any case. If you want to fetch debs to satisfy a non-Debian Python project, you should use easy_deb. Using easy_install only makes sense if you are using bleeding-edge stuff installed to your home directory or a special project directory, so you don't want to fetch any debs in that case because you're not updating the *system* packages.