Re: s/-setuptools/-pkg-resources/ dependency : also in upstream EGGs?

To: Stefano Zacchiroli <zack@debian.org>
Cc: debian-python@lists.debian.org
Subject: Re: s/-setuptools/-pkg-resources/ dependency : also in upstream EGGs?
From: Piotr Ożarowski <piotr@debian.org>
Date: Mon, 14 Sep 2009 13:23:46 +0200
Message-id: <[🔎] 20090914112346.GE2892@piotro.eu>
Mail-followup-to: Stefano Zacchiroli <zack@debian.org>, debian-python@lists.debian.org
In-reply-to: <[🔎] 20090914053217.GA5152@usha.takhisis.invalid>
References: <200909130916.n8D9GpLi007074@bolero.cs.tu-berlin.de> <[🔎] 20090913202005.GB3946@usha.takhisis.invalid> <[🔎] 20090914000043.GB2892@piotro.eu> <[🔎] 20090914053217.GA5152@usha.takhisis.invalid>

[Stefano Zacchiroli, 2009-09-14]
> On Mon, Sep 14, 2009 at 02:00:43AM +0200, Piotr Ożarowski wrote:
> > it's safe to remove requires.txt from binary package (not the whole
> > Egg-info, it can contain important data, f.e. entry points)
> 
> Uhm, please expand on "it's safe".

If you have all the dependencies listed in Depends, requires.txt is not
needed even if upstream is using

  pkg_resources.require('PyFooBar >= X.Y')

in the code - it will be satisfied by "python-foo >= X.Y" in Depends
(replace foo with module name PyFooBar is providing).

BTW, you cannot rely on requires.txt anyway (although you should always
check it while packaging new upstream release) - upstreams tend to
ignore this file or bump minimum required versions to the ones they use
at the moment.

> I've seen in the past EGG loading due to unsatisfied dependencies at the
> EGG level. So if the requires.txt is there, unless something has
> changes, it can induce failures in loading.
> 
> Then, with "it is safe", do you mean that if the requires.txt is not
> there, dependencies at the EGG level will not be checked? That would be
> fine in Debian (given we ensure dependencies at another level), but also
> a bit risky since we lose a level of runtime testing.

If package is not depending on all needed libraries, it's a serious bug
in the package, IMHO.

> Otherwise, is there are no risks whatsoever in removing requires.txt, I
> believe legacy tools used to build packages should do that.

There's no harm in leaving it the binary package (except wasting few CPU
cycles) unless Egg is changed in Debian, like in this case
(pkg_resources is part of setuptools). You can patch setup.py (which
generates requires.txt) to skip setuptools in requires.txt (hint:
install_requires).

Removing requires.txt in dh_py* is not a good idea IMHO, requires.txt
can actually help maintainers (who are not reading debdiff[1]) to
detect new dependencies while testing package.

[1] /me is giving a hard time to sponsorees who didn't read it before
    sending RFS mail :)
-- 
-=[     Piotr Ożarowski     ]=-
-=[ http://www.ozarowski.pl ]=-

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- s/-setuptools/-pkg-resources/ dependency : also in upstream EGGs?
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: s/-setuptools/-pkg-resources/ dependency : also in upstream EGGs?
  - From: Piotr Ożarowski <piotr@debian.org>
- Re: s/-setuptools/-pkg-resources/ dependency : also in upstream EGGs?
  - From: Stefano Zacchiroli <zack@debian.org>

Prev by Date: Re: will 2.6 be default?
Next by Date: Python packaging
Previous by thread: Re: s/-setuptools/-pkg-resources/ dependency : also in upstream EGGs?
Next by thread: Python packaging
Index(es):
- Date
- Thread