On 8 May 2014 16:46, Donald Stufft <don...@stufft.io> wrote:
> Anything can be changes or reconsidered of course. I feel pretty strongly that
> an installer should not install things from places other than the index 
> without
> a specific opt in. That discussion would be best done on distutils-sig as it
> would require reversing the decision in PEP438.

I think it's worth reconsidering. Since this behaviour was
implemented, there have been many instances of confusion and
unhappiness with the situation, both from package developers and pip
users. I don't think that's good for pip. I would like to see PEP 438
reviewed with the intention of working out how to fix the user
experience (ideally while retaining the reliability enhancements, but
accepting that compromises may be needed).

Some points:

1. Often a user won't know that a package is externally hosted until
an install fails. Having to add a flag and retry is a lousy
experience. Why not at a minimum have an "externally hosted - are you
sure?" prompt?
2. The way the flags are implemented (notably the need to repeat the
package name) is clearly confusing and irritating for users, even if
the reasons are logical. We should look at fixing that.
3. The user complaints against pip are significant and ongoing. I
don't think they should be ignored. If PEP 438 cannot be reconsidered
in the light of user feedback, then I think the pip developers may
need to have a discussion about whether we conform to the PEP (clearly
Donald thinks we should, I'm not sure I do, and I don't know about the
others). But I don't think it's healthy for pip to be looking at
deliberately ignoring an accepted PEP, so I'd prefer it if the debate
was around addressing the issues in the PEP itself.
4. Maybe distutils-sig *isn't* the right place to discuss revising PEP
438. The issues getting raised are end-user problems, and the users
most affected are unlikely to be on that list.

Socially, this change does not seem to be having the effect of
persuading more package developers to host on PyPI. The stick doesn't
appear to have worked, maybe we should be trying to find a carrot? Or
maybe we have to accept that some developers have sound reasons for
not hosting on PyPI and work with them to find an acceptable
compromise? Has anyone checked what Stefan's reasons are for not
hosting cdecimal on PyPI? Do they represent a use case that the PEP
hasn't considered?

> I really don't feel strongly one way or the other about the *warning* that
> happens when you allow an external file. It exists primarily because at the
> time it was implemented external files were default to allowed.

I think it's reasonable to remove the warning. If the user chooses to
allow an external file, it makes sense to assume they understand the
implications and not nag them about their decision. Particularly given
the level of controversy the warning is generating.

On a personal note, I'm uncomfortable with the way this change is
perceived as a case of *pip* enforcing a behaviour that the pip
developers feel should be required. I actually don't like this change
particularly. So having pip implement the behaviour required by that
PEP is to me simply a case of compliance with the agreed standard. But
now, as a pip developer, being held responsible for the resulting user
pain, and being expected to defend it, does not make me happy.

Paul
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to