-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phillip J. Eby wrote: > At 04:07 PM 10/11/2007 -0400, Tres Seaver wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have use cases for a couple of extensions to how requirements are >> spelled in a setuptools-enabled project. > > You should probably include them, then. You only sent the > specifications for how you'd like to implement *solutions* for the > problems posed by your use cases. ;-) > > In other words, you didn't explain why it is you think you know > better than the package owner what version his package needs, or why > the existing dependency URL features don't do what you want.
In the case of overrides, I have seen lots of cases where project authors have overspecified dependencies in their requirements for a given distribution, mostly because they don't want to have to support their package configurations they don't test. I'm fine with that line of thought, as long as I have a way to reuse their packaged stuff in combination with mine, where I *do* test with a different version than they do: in such a case, if my package can signal to setuptools that *my* specification should win, I can use their code without forking a new distribution. Working around such a problem today typically requires hand-editing the 'requires.txt' for the over-strict package after installing it. Setup tools provides no way to install an over-strict package as a dependency without propagating those constraints. Pinning a package to a given repository is a common packaging requirement (yum and apt both support it). The driver there is the need to maintain a "known good" configuration, where some packages (at least) are installed from a repository whose maintainers are more reliable / trustworthy than others. (e.g., some maintainers are pretty sloppy about re-releasing packages "in place", or even removing them). Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHDpOY+gerLs4ltQ4RAseJAJ0T16bFz/mLSPIZq95wUsGKBaUeiwCg1Ag2 RA+Q12lRKThc02ZHzy4dG2c= =+0UV -----END PGP SIGNATURE----- _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
