On Jan 22, 2016 10:11 AM, "Donald Stufft" <don...@stufft.io> wrote: > > PEP 376 added a file to the .dist-info directory called "INSTALLER" which was > supposed to be: > > This option is the name of the tool used to invoke the installation. > > However, nothing has really ever implemented it and it's gone largely ignored > until just recently pip 8.0 started writing the INSTALLER file into the > metadata directories with a value of "pip". > > I'd like to propose adding a special cased value to add to the installer file > that will tell projects like pip that this particular installed thing is being > managed by someone else, and we should keep our hands off of it. According to > PEP 376 the supported values for this file are r"[a-z0-9_-.]", however I think > since nobody has ever implemented it, we could expand that so that it so you > can also have a special value, of "dpkg (system)" or maybe that's not worth it > and we could just have "system" as a special value.
I think we want more than just "system", because the same user could have some packages managed by dpkg and some by conda, both of which have their own dependency resolution mechanisms that are outside pip's and could get broken if pip removes stuff willy-nilly. And when pip errors out, you want to be able to explain to the user "this package is managed by conda, and using pip on it may break your conda setup..." versus "this package is managed by Debian, and using pip on it may break your Debian setup...". (Actually I'm not sure what the status these days is of mixing pip and conda -- they've gotten somewhat better at handling it. Is the proposed behavior in pip when it sees this flag something that distribution maintainers have asked for? Are they present in this thread?) > The benefit of doing this, is that with a special value in that file that says > "this file belongs to the OS", then pip could start looking for that file and > require a --force flag before it modifies any files belonging to that project. > Then distributors like Debian, Fedora, etc could simply write out the INSTALLER > file with the correct value, and pip would start to respect their files by > default. I'd like a little more clarity on exactly what circumstances justify setting this flag. If I write a new python package manager, then should I set this flag on all my packages because I don't trust anyone else to get things right? :-) Maybe the relevant thing is what I said above, that there is some system tracking these files that is not using the dist-info directory as its source-of-truth about what's installed, dependencies, etc. -n
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
