On Sat, Jun 16, 2012 at 6:01 AM, Richard Jones <[email protected]> wrote: > "impossible to safely extract requirements in a 100% generic way." > > It has nothing to do with it being the de facto standard and everything to > do with executing untrusted code on pydotorg systems with no guarantee that > we'll even get the setup.py to work in our environment anyway.
I'd say that automatic dependency extraction is a problem of package management tools. PyPI is just a catalog, which critical role is to provide ability to store, query and get dependency information. In the end all dependency information is always provided by package maintainer - setup.py or metadata or whatever is only a medium. So if there is a way to submit the info through the API manually - the tools will follow, _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
