Re: [Distutils] multiple backports of ipaddress and a world of pain

[Chris Withers]

Hi Nick, On 18/02/2016 13:32, Nick Coghlan wrote: On 17 February 2016 at 04:37, Chris Withers <ch...@simplistix.co.uk> wrote: So, RHEL7, for worse or worse, ships with Python 2.7.5. It's 2.7.5 + important security backports, so any package that relies on PEP 466 features like ssl.create_default_context() should be fine in 7.2+. (You can also switch on default certificate verification if you want it: https://access.redhat.com/articles/2039753 ) The company I'm with at the moment is one of the more aggressive operating system release followers I've worked with or for, and even we're not on 7.2 yet!   That means to keep pip happy, you need to do these dances in all the virtualenvs you create: http://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning http://urllib3.readthedocs.org/en/latest/security.html#pyopenssl If urllib3 is actually using version detection rather than feature detection as recommended in PEP 466 (https://www.python.org/dev/peps/pep-0466/#backwards-compatibility-considerations), then that's a missing bug report against urllib3 I guess we'll see when we start testing. We currently have a python-virtualenv package that pulls in a kitchen sink's work of dependencies, as recommended at those links... <multiple ipaddress backports> It looks like you found a resolution to this part of the problem, but those dependencies should only be needed on 7.0 and 7.1 Unfortunately, I missed this use case when PEP 508 was being defined, so there's currently no capability for Python level dependencies to be conditional on the presence or absence of particular attributes in other modules :( Not sure that's such a biggie here, I'd more like to see pip at least notice that it's trying to install two files into the same location. cheers, Chris

_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig