I like the idea of lifecycle hooks but I worry about the malware problem; would there need to be a blacklist / whitelist / disable system? (ignore-scripts=true is now a recommended part of anyone's npm configuration) That is why we have avoided any kind of (package specific) hooks to wheel. However hooks would be a very elegant way to avoid worrying about core pip functionality since it wouldn't be core functionality.
On Fri, Oct 20, 2017 at 4:41 PM Nathaniel Smith <n...@pobox.com> wrote: > On Oct 19, 2017 11:10, "Donald Stufft" <don...@stufft.io> wrote: > > > EXCEPT, for the fact that with the desire to cache things, it would be > beneficial to “hook” into the lifecycle of a package install. However I > know that there are other plugin systems out there that would like to also > be able to do that (Twisted Plugins come to mind) and that I think outside > of plugin systems, such a mechanism is likely to be useful in general for > other cases. > > So heres a different idea that is a bit more ambitious but that I think is > a better overall idea. Let entrypoints be a setuptools thing, and lets > define some key lifecycle hooks during the installation of a package and > some mechanism in the metadata to let other tools subscribe to those hooks. > Then a caching layer could be written for setuptools entrypoints to make > that faster without requiring standardization, but also a whole new, better > plugin system could to, Twisted plugins could benefit, etc [1]. > > > In this hypothetical system, how do installers like pip find the list of > hooks to call? By looking up an entrypoint? (Sorry if this was discussed > downthread; I didn't see it but I admit I only skimmed.) > > -n > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > https://mail.python.org/mailman/listinfo/distutils-sig >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig