
Re: PEP 453 affects Debian packaging of Python packages




Paul Tagliamonte <paultag@debian.org> wrote:
>On Wed, Sep 18, 2013 at 03:22:19PM +0200, Piotr Ożarowski wrote:
>> [W. Martin Borgert, 2013-09-18]
>> > As a passionate pip hater I would go for a Conflicts,
>> > which finally would make pip uninstallable :~)
>> > Next steps: get rid of gem, npm, EPT, ...
>> 
>> +1 (unless all these "wheel re-inventors" will speed up a bit - they're
>> still where Linux packagers were 5-10 years ago)
>
>And *THIS* is why we get bad reputations.
>
>  1) pip isn't for global package management, for this is stupid. If we
>     disabled root use of pip, I think we'd all be a bit happier.
>
>  2) pip works on *every* supported OS. If you think OSX users or windows
>     users are installing Python modules with dpkg, you're off your rocker.
>
>  3) We're *NOT* trying to package every module and put it in the
>     archive, for this, also, is stupid. pip can install from pypi,
>     which *is* such a place. Or even Git checkout URLs.
>
>  4) Python modules from dpkg are borderline useless for developers. We
>     package modules so that apps can use them, not so that people can
>     develop with them.
>
>
>I have two codebases, one uses Django 1.2 and another uses 1.4. I can't
>co-install the two, since Python isn't smart enough. As a result, I have
>to use virtualenv.
>
>I don't understand the pip hate. Why don't you guys try and, you know,
>figure out *why* these tools were invented. It (for sure) is overly
>simplistic, but it's there for a reason.

I get why they exist. 

I object to the mandatory nature of the proposal and the associated be sure to document for your users why you were idiots and didn't ship this.  End users should not need these kinds of tools. 

I think that introducing a package download mechanism that is not cryptographically secured with a promise to later insecurely update the mechanism to have security is crazy talk.

The basic message I get from the proposal is "screw you Linux".

Scott K

P.S. I'm not nominating myself to be the diplomat that talks to upstream for what are probably obvious reasons. 

