On Wed, Jan 29, 2014 at 9:40 AM, Donald Stufft <don...@stufft.io> wrote:
> > On Jan 29, 2014, at 9:25 AM, Vinay Sajip <vinay_sa...@yahoo.co.uk> wrote: > > >> It may be useful to understand that wheel has *political features* or > >> if you prefer *setting the defaults based on what we have learned from > >> eggs*. I don't recommend that they be zip-imported generally > >> but if you are a consenting adult who understands the caveats you > >> may do so. > > > > What *exactly* have we learned from eggs? We've learned that sys.path > > manipulation under the hood is bad, because sys.path is important to > system > > behaviour and because the ramifications of changing it under the hood > are unpredictable. > > > > But we don't let that lead to a mindset that prohibits *any* sys.path > manipulation - it's vital > > in many situations to be able to manipulate sys.path in a controlled way. > > > > What *else* have we learned from eggs? If we leave to one side the > sys.path manipulation > > issues, what else has been problematic about the egg format? Details > seem hard to find, > > though there's lots of talk in general about "pain" and "weirdness". I'm > asking because I > > really want to understand at a more detailed level what those problems > are, because I > > would be interested in trying to solve them, or minimise their impact. > That might sound > > naïve to some - but there it is. > > > > Regards, > > > > Vinay Sajip > > > > It’s hard to pin down because the failure modes of zipped eggs are > nebulous themselves. > > For instance take pip. I just recently redid the get-pip.py installer to > use a zip file (not a > Wheel or Egg) that contained pip and add that zip file straight to > sys.path instead of > unzipping it. One of the failure modes was that it was suddenly unable to > validate TLS > certificates. The reason why, was because it bundles it’s own cacerts.pem > which it > passes to the ssl library to validate the connection. In this case it’s > impossible as far as > I can tell to use pkgutil.get_data directly because the ssl library does > not directly > support pkgutil.get_data nor does it support passing the certificates as a > string or other > in memory. > > That’s really the biggest problem with strictly pure python Zipped Eggs. > That the failure > modes are ill defined and depend greatly on the application/library > itself. For some you’ll > get exceptions, for others some features will just stop working, for even > others you’ll > just get subtle bugs that only happen under zip import. Just a heads-up that if I ever get around to re-implementing zipfile importing using importlib (http://bugs.python.org/issue17630) I will ask this list for feature feedback to make sure I don't miss something that's critical.
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig