On 27 October 2015 at 21:47, David Cournapeau <courn...@gmail.com> wrote:
> Another simple solution for this particular case is to add conflict rules > between packages that provide the same requirement (that's what php's > composer do IIRC). > > The case of safety against malicious forks is handled quite explicitly in > composer, we may want to look at how they do it when considering solutions > (e.g. https://github.com/composer/composer/issues/2690, though it has > changed a bit since then) > > Adding the provides/conflict concepts to pip resolver will complexify it > quite significantly, both in terms of running time complexity (since at that > point you are solving a NP-complete problem) and in terms of implementation. > But we also know for real cases this is doable, even in pure python > (composer handles all the cases you are mentioning, and is in pure php). We already require a full NP-complete solver because of <, <= and ~ version operators. I haven't adsorbed this proposal enough to comment on the reification aspect yet. I'm worried about provides and conflicts in general, but not from a resolver code perspective - thats a one-ish-time-cost, but instead from a user experience perspective. -Rob -- Robert Collins <rbtcoll...@hp.com> Distinguished Technologist HP Converged Cloud _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
