On Friday, September 21, 2012 at 3:09 PM, PJ Eby wrote: > On Fri, Sep 21, 2012 at 12:59 PM, Donald Stufft <donald.stu...@gmail.com > (mailto:donald.stu...@gmail.com)> wrote: > > How would you take ``requires: tastypie`` and turn it into > > `django-tastypie`? > > > > > By matching Requires with Provides at the index level. That is, by > having PyPI index packages' Provides so that you can search for > packages that match a given Requires. > >
And when you have 2 packages that both provides: tastypie? Which is a real world occurence. I actually got my projects switched up, it's haystack and django-haystack which have different names on PyPI (and entirely different functions) but are both ``import haystack`` and thus would both be Provides: haystack. https://crate.io/packages/haystack/ https://crate.io/packages/django-haystack/ > > This makes them better than I thought, but still have the "installability" > > and > > security. > > > > > How is this any different than any other part of PyPI? I hate it there too and I've done a little bit to try and make it more obvious to people when people rely on dependencies that aren't hosted on PyPI and I plan to do more in the future. (I realize the historical significance of it, I just don't think it should bind us to be stuck with it forever). But that's a separate argument for a different day. > I would have to dig into the code to be sure, actually. But I don't > see any problem with restricting them to the dependency subtree being > resolved. It's possible that the current easy_install implementation > leaks dependencies to sibling installs, but if it does, it's probably > not hard to fix. I only asked this because if it works for siblings I could imagine a case where someones install set worked, but then they remove a dependency and suddenly unrelated installs stopped working. Not really pertinent to the discussion at hand, just a possible bug (or surprising behavior) that popped into my head. > Again: the entire point of dependency_links is to have an in-band, > automated way to ship third-party indexing information that would > otherwise require manual, out-of-band, *recursive* distribution. > Dependency links are download locations, and are independent of > version specifications. Yea I get that, I think at this point it's just a differing of opinion about wether that is a desirable trait for a system to have or not. Obviously I think not, and you I believe think it is. Setuptools isn't (and shouldn't) be removing them and as you said they don't belong in PKG-INFO so I I think we are in agreement about that :)
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
