Re: [Distutils] How to deprecate a python package

[Nicholas Chammas]

FYI, there is an existing issue on Warehouse's tracker for this:
https://github.com/pypa/warehouse/issues/345
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alex Grönholm]

You can already modify the description and add the "Development Status 
:: 7 - Inactive" classifier. It would be really nice to filter these out 
of search results though.


06.04.2016, 02:32, Greg Ewing kirjoitti:

Geoffrey Spear wrote:
I don't have an answer to your actual question, but I'd not advocate 
people removing packages; we don't want a npm situation here. :(


Perhaps there should be a way of marking a package as
deprecated on PyPI, so that it shows a big red warning
flag?



___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Greg Ewing]

Geoffrey Spear wrote:
I don't have an answer to your actual question, but I'd not advocate 
people removing packages; we don't want a npm situation here. :(


Perhaps there should be a way of marking a package as
deprecated on PyPI, so that it shows a big red warning
flag?

--
Greg
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alexander Walters]

Please keep in mind, my suggestion can be done *today* with zero changes 
to tooling.


On 4/5/2016 18:50, Alex Grönholm wrote:
Implementing this on Warehouse and pip would have the added benefit of 
warning users who have a specific version pinned. As for pip letting 
stderr messages through, that'd be irrelevant if pip had direct 
support for this. 


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alex Grönholm]

Implementing this on Warehouse and pip would have the added benefit of 
warning users who have a specific version pinned. As for pip letting 
stderr messages through, that'd be irrelevant if pip had direct support 
for this.


06.04.2016, 01:47, Alexander Walters kirjoitti:
I am not 100% sure if pip will let stderr messages though, but i THINK 
it does.  Warnings on import will work regardless.


Honestly, I don't care if its marginally easier (and it would only be 
marginally easier) to mark a package deprecated by flipping a bit on 
the site - it's the last thing they will ever do with the package.


On 4/5/2016 18:40, Alex Grönholm wrote:
Wouldn't my suggestion or Glyph's be easier for the maintainers? That 
way they wouldn't even have to make a new release, just modify a 
setting on the package settings page on PyPI.

Also, are you going you see the warning if it's emitted on installation?

06.04.2016, 01:37, Alexander Walters kirjoitti:



On 4/5/2016 18:34, Glyph wrote:
Perhaps, before anyone tries to make pip doing something mechanical 
about deprecations, we should just have the website itself do this 
sort of redirect? Removing the download would be drastic; giving 
people an interstitial that says "This package is no longer 
maintained, please use $X instead" would be very informative.


-glyph


I don't remember the last time I used the pypi website.  I use pypi 
every day.  I don't know if I am weird, but redirecting web views 
would do nothing for me.  Redirecting packages is pure evil.


I really think the best course of action is for the maintainer to 
release a final version of the package that warns on install and 
import.

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alexander Walters]

I am not 100% sure if pip will let stderr messages though, but i THINK 
it does.  Warnings on import will work regardless.


Honestly, I don't care if its marginally easier (and it would only be 
marginally easier) to mark a package deprecated by flipping a bit on the 
site - it's the last thing they will ever do with the package.


On 4/5/2016 18:40, Alex Grönholm wrote:
Wouldn't my suggestion or Glyph's be easier for the maintainers? That 
way they wouldn't even have to make a new release, just modify a 
setting on the package settings page on PyPI.

Also, are you going you see the warning if it's emitted on installation?

06.04.2016, 01:37, Alexander Walters kirjoitti:



On 4/5/2016 18:34, Glyph wrote:
Perhaps, before anyone tries to make pip doing something mechanical 
about deprecations, we should just have the website itself do this 
sort of redirect?  Removing the download would be drastic; giving 
people an interstitial that says "This package is no longer 
maintained, please use $X instead" would be very informative.


-glyph


I don't remember the last time I used the pypi website.  I use pypi 
every day.  I don't know if I am weird, but redirecting web views 
would do nothing for me.  Redirecting packages is pure evil.


I really think the best course of action is for the maintainer to 
release a final version of the package that warns on install and import.

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alex Grönholm]

Wouldn't my suggestion or Glyph's be easier for the maintainers? That 
way they wouldn't even have to make a new release, just modify a setting 
on the package settings page on PyPI.

Also, are you going you see the warning if it's emitted on installation?

06.04.2016, 01:37, Alexander Walters kirjoitti:



On 4/5/2016 18:34, Glyph wrote:
Perhaps, before anyone tries to make pip doing something mechanical 
about deprecations, we should just have the website itself do this 
sort of redirect?  Removing the download would be drastic; giving 
people an interstitial that says "This package is no longer 
maintained, please use $X instead" would be very informative.


-glyph


I don't remember the last time I used the pypi website.  I use pypi 
every day.  I don't know if I am weird, but redirecting web views 
would do nothing for me.  Redirecting packages is pure evil.


I really think the best course of action is for the maintainer to 
release a final version of the package that warns on install and import.

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alexander Walters]

On 4/5/2016 18:34, Glyph wrote:

Perhaps, before anyone tries to make pip doing something mechanical about deprecations, 
we should just have the website itself do this sort of redirect?  Removing the download 
would be drastic; giving people an interstitial that says "This package is no longer 
maintained, please use $X instead" would be very informative.

-glyph


I don't remember the last time I used the pypi website.  I use pypi 
every day.  I don't know if I am weird, but redirecting web views would 
do nothing for me.  Redirecting packages is pure evil.


I really think the best course of action is for the maintainer to 
release a final version of the package that warns on install and import.

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Glyph]

Perhaps, before anyone tries to make pip doing something mechanical about 
deprecations, we should just have the website itself do this sort of redirect?  
Removing the download would be drastic; giving people an interstitial that says 
"This package is no longer maintained, please use $X instead" would be very 
informative.

-glyph

> On Apr 5, 2016, at 3:26 PM, Alex Grönholm  wrote:
> 
> You make a valid point. This made me recall something -- there is a 
> classifier "Development Status :: 7 - Inactive". As a quick fix, pip could be 
> modified to emit a warning when a distribution containing this classifier is 
> installed. But the problem seems more social than technical. The author of 
> the package the OP referred to has not chosen to add any status classifier or 
> any kind of warning in the description that would notify the user of its 
> deprecated status.
> 
> 06.04.2016, 01:05, Tres Seaver kirjoitti:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> On 04/05/2016 04:17 PM, Alex Grönholm wrote:
>> 
>>> I think an ideal solution would be to add a feature to Warehouse that
>>> would "redirect" any downloads of a library to another. Though I'm not
>>> saying it would be simple.
>> Such a feature would be doing a huge disservice:  repeatability *matters*
>> for package consumers.  Unless an already-uploaded package is known to
>> contain malware, or the author is under force majeur compulsion
>> (governmental / legal injunction), removing a distribution is much worse
>> than giving the humans involved flexibility to deal with an issue.
>> 
>> 
>> Tres.
>> - -- ===
>> Tres Seaver  +1 540-429-0999  tsea...@palladion.com
>> Palladion Software   "Excellence by Design"http://palladion.com
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1
>> 
>> iQIcBAEBAgAGBQJXBDaKAAoJEPKpaDSJE9HYGYsP/AtJGhNFXPXjtUlTVoDHw6oz
>> ohzb5js31Dps86V/CQELl4cxFhfPMpPCPxcfA9z/E9B4Wk3HaFTPxOUunZKrbUJA
>> 2MguOnsYOjeWCBSlBEOdjCSTHiYse07NRMV4NN+b0mfdnj6VvTk17uY9UW96GTiN
>> xigRgysRgN71JnE41ZNL+4qKjvCL/6dYFrga21rdvOGnZrTNUBwP8mbbACrdz9lh
>> jeOSVkbWMqKazAXIZB3y7KaByIHIfes5fguBnsjqpgdL9c9r8WsE5nhBCdlkUm8N
>> NAiNEpTy+5G5o0NhGz/4AXFtamkVLTGSZhWcUprHOtJUgjzer+b0WWijFcBtcQGY
>> Ugbijhotlbx+zI/QPqArqDemU++UhGr+oiI839KfyzV3viZ4MEr8jC/BchM88Jmn
>> 8lR3Fyv25Tc2bDTC96hv8A5zcwM08i5FYHlPhW2a96xue5Vl9wZ6rmpRUTtqhErJ
>> vwPu/Yps/l1nXzRXPc8NcHTH8daDVIgaNNp8EeDHV+vYJgy066zzzSQ4dTJddWbZ
>> mcf6aFQDP50vrloZ81GaeByUJ1xlcVfyODdvpKj350YlqPqyv7y7uMJv026csRax
>> l/3DyhChbqzU/be9f6xaGL+KzJU3Xt2L0XY/annNkBWrsbRKISpiiGc+21rNo23P
>> EB9Sax3Uoa47h5GWQWH5
>> =CblP
>> -END PGP SIGNATURE-
>> 
>> ___
>> Distutils-SIG maillist  -  Distutils-SIG@python.org
>> https://mail.python.org/mailman/listinfo/distutils-sig
> 
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alex Grönholm]

You make a valid point. This made me recall something -- there is a 
classifier "Development Status :: 7 - Inactive". As a quick fix, pip 
could be modified to emit a warning when a distribution containing this 
classifier is installed. But the problem seems more social than 
technical. The author of the package the OP referred to has not chosen 
to add any status classifier or any kind of warning in the description 
that would notify the user of its deprecated status.


06.04.2016, 01:05, Tres Seaver kirjoitti:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/05/2016 04:17 PM, Alex Grönholm wrote:


I think an ideal solution would be to add a feature to Warehouse that
would "redirect" any downloads of a library to another. Though I'm not
saying it would be simple.

Such a feature would be doing a huge disservice:  repeatability *matters*
for package consumers.  Unless an already-uploaded package is known to
contain malware, or the author is under force majeur compulsion
(governmental / legal injunction), removing a distribution is much worse
than giving the humans involved flexibility to deal with an issue.


Tres.
- -- 
===

Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJXBDaKAAoJEPKpaDSJE9HYGYsP/AtJGhNFXPXjtUlTVoDHw6oz
ohzb5js31Dps86V/CQELl4cxFhfPMpPCPxcfA9z/E9B4Wk3HaFTPxOUunZKrbUJA
2MguOnsYOjeWCBSlBEOdjCSTHiYse07NRMV4NN+b0mfdnj6VvTk17uY9UW96GTiN
xigRgysRgN71JnE41ZNL+4qKjvCL/6dYFrga21rdvOGnZrTNUBwP8mbbACrdz9lh
jeOSVkbWMqKazAXIZB3y7KaByIHIfes5fguBnsjqpgdL9c9r8WsE5nhBCdlkUm8N
NAiNEpTy+5G5o0NhGz/4AXFtamkVLTGSZhWcUprHOtJUgjzer+b0WWijFcBtcQGY
Ugbijhotlbx+zI/QPqArqDemU++UhGr+oiI839KfyzV3viZ4MEr8jC/BchM88Jmn
8lR3Fyv25Tc2bDTC96hv8A5zcwM08i5FYHlPhW2a96xue5Vl9wZ6rmpRUTtqhErJ
vwPu/Yps/l1nXzRXPc8NcHTH8daDVIgaNNp8EeDHV+vYJgy066zzzSQ4dTJddWbZ
mcf6aFQDP50vrloZ81GaeByUJ1xlcVfyODdvpKj350YlqPqyv7y7uMJv026csRax
l/3DyhChbqzU/be9f6xaGL+KzJU3Xt2L0XY/annNkBWrsbRKISpiiGc+21rNo23P
EB9Sax3Uoa47h5GWQWH5
=CblP
-END PGP SIGNATURE-

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Tres Seaver]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/05/2016 04:17 PM, Alex Grönholm wrote:

> I think an ideal solution would be to add a feature to Warehouse that
> would "redirect" any downloads of a library to another. Though I'm not
> saying it would be simple.

Such a feature would be doing a huge disservice:  repeatability *matters*
for package consumers.  Unless an already-uploaded package is known to
contain malware, or the author is under force majeur compulsion
(governmental / legal injunction), removing a distribution is much worse
than giving the humans involved flexibility to deal with an issue.


Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJXBDaKAAoJEPKpaDSJE9HYGYsP/AtJGhNFXPXjtUlTVoDHw6oz
ohzb5js31Dps86V/CQELl4cxFhfPMpPCPxcfA9z/E9B4Wk3HaFTPxOUunZKrbUJA
2MguOnsYOjeWCBSlBEOdjCSTHiYse07NRMV4NN+b0mfdnj6VvTk17uY9UW96GTiN
xigRgysRgN71JnE41ZNL+4qKjvCL/6dYFrga21rdvOGnZrTNUBwP8mbbACrdz9lh
jeOSVkbWMqKazAXIZB3y7KaByIHIfes5fguBnsjqpgdL9c9r8WsE5nhBCdlkUm8N
NAiNEpTy+5G5o0NhGz/4AXFtamkVLTGSZhWcUprHOtJUgjzer+b0WWijFcBtcQGY
Ugbijhotlbx+zI/QPqArqDemU++UhGr+oiI839KfyzV3viZ4MEr8jC/BchM88Jmn
8lR3Fyv25Tc2bDTC96hv8A5zcwM08i5FYHlPhW2a96xue5Vl9wZ6rmpRUTtqhErJ
vwPu/Yps/l1nXzRXPc8NcHTH8daDVIgaNNp8EeDHV+vYJgy066zzzSQ4dTJddWbZ
mcf6aFQDP50vrloZ81GaeByUJ1xlcVfyODdvpKj350YlqPqyv7y7uMJv026csRax
l/3DyhChbqzU/be9f6xaGL+KzJU3Xt2L0XY/annNkBWrsbRKISpiiGc+21rNo23P
EB9Sax3Uoa47h5GWQWH5
=CblP
-END PGP SIGNATURE-

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alexander Walters]

The ideal solution is for the maintainer to release one last version of 
the package with copious use of the warnings module.


We really don't want to redirect people blindly - They may be depending 
on undocumented-but-still-api portions of the original's code that a 
replacement package might not implement - or more likely - the 
replacement would only have a similar, but not identical, api.


We really don't want to just remove the package - then dependencies 
break for people who can't upgrade their own codebase for whatever 
reason, or who just need to deploy fresh again.


We might want to implement a package metadata property - Pip can give a 
big flashing warning on install that the package is deprecated by the 
maintainer.  This should be the ONLY use of this property; let's not 
start making rules based on deprecation metadata, that's as bad as just 
removing the package.


This leaves, for me, one real option maintainers can do right now, and 
that's just warn the dickens out of the developer.




On 4/5/2016 14:46, Thomas Güttler wrote:

I wasted some time because I used a deprecated python package.

I asked the maintainer to remove it, and he looked at the usage statistics: I 
still gets
downloaded.

What is the official way to deprecate a python package?

Related discussion:

https://github.com/riklaunim/django-ckeditor/issues/60#issuecomment-205021579

Regards,
   Thomas Güttler



___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Alex Grönholm]

I think an ideal solution would be to add a feature to Warehouse that 
would "redirect" any downloads of a library to another. Though I'm not 
saying it would be simple.


05.04.2016, 22:59, Ionel Cristian Mărieș kirjoitti:
What's wrong with a new release that just depends on replacement 
(assuming there's identical API)? This might be of help: 
https://pypi.python.org/pypi/pypi-alias


If there are API changes or other breakages then maybe a release with 
a wrapper that emits warnings would be better and generate less 
surprise/anger.



Thanks,
-- IonelCristian Mărieș, http://blog.ionelmc.ro

On Tue, Apr 5, 2016 at 9:46 PM, Thomas Güttler 
> 
wrote:


I wasted some time because I used a deprecated python package.

I asked the maintainer to remove it, and he looked at the usage
statistics: I still gets
downloaded.

What is the official way to deprecate a python package?

Related discussion:


https://github.com/riklaunim/django-ckeditor/issues/60#issuecomment-205021579

Regards,
  Thomas Güttler

--
http://www.thomas-guettler.de/
___
Distutils-SIG maillist  - Distutils-SIG@python.org

https://mail.python.org/mailman/listinfo/distutils-sig




___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Ionel Cristian Mărieș]

What's wrong with a new release that just depends on replacement (assuming
there's identical API)? This might be of help:
https://pypi.python.org/pypi/pypi-alias

If there are API changes or other breakages then maybe a release with a
wrapper that emits warnings would be better and generate less
surprise/anger.


Thanks,
-- Ionel Cristian Mărieș, http://blog.ionelmc.ro

On Tue, Apr 5, 2016 at 9:46 PM, Thomas Güttler  wrote:

> I wasted some time because I used a deprecated python package.
>
> I asked the maintainer to remove it, and he looked at the usage
> statistics: I still gets
> downloaded.
>
> What is the official way to deprecate a python package?
>
> Related discussion:
>
>
> https://github.com/riklaunim/django-ckeditor/issues/60#issuecomment-205021579
>
> Regards,
>   Thomas Güttler
>
> --
> http://www.thomas-guettler.de/
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] How to deprecate a python package

[Geoffrey Spear]

I don't have an answer to your actual question, but I'd not advocate people
removing packages; we don't want a npm situation here. :(

On Tue, Apr 5, 2016 at 2:46 PM, Thomas Güttler  wrote:

> I wasted some time because I used a deprecated python package.
>
> I asked the maintainer to remove it, and he looked at the usage
> statistics: I still gets
> downloaded.
>
> What is the official way to deprecate a python package?
>
> Related discussion:
>
>
> https://github.com/riklaunim/django-ckeditor/issues/60#issuecomment-205021579
>
> Regards,
>   Thomas Güttler
>
> --
> http://www.thomas-guettler.de/
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig