Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Nick Coghlan
On 4 June 2017 at 10:39, Ralf Gommers wrote: > > > On Sat, Jun 3, 2017 at 8:59 PM, Paul Moore wrote: >> >> On 3 June 2017 at 03:14, Nathaniel Smith wrote: >> > So far my belief is that packages with expensive build processes are >> > going to ignore you and implement, ship, document, and recomme

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Ralf Gommers
On Sat, Jun 3, 2017 at 8:59 PM, Paul Moore wrote: > On 3 June 2017 at 03:14, Nathaniel Smith wrote: > > So far my belief is that packages with expensive build processes are > > going to ignore you and implement, ship, document, and recommend the > > direct source-tree->wheel path for developer b

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Nathaniel Smith
On Sat, Jun 3, 2017 at 5:09 PM, C Anthony Risinger wrote: > Fair enough. It seems like there will almost certainly emerge some way of > chaining small "source tree mutators" (leading to an sdist) with truly > custom build backends (that may ultimately terminate on either > setuptools/distutils lik

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread C Anthony Risinger
On Jun 3, 2017 4:47 AM, "Paul Moore" wrote: On 3 June 2017 at 04:53, C Anthony Risinger wrote: > I want to make sure I understand what I'd need to do, as a user, in a post > PEP 517 world. Say I wanted to accomplish the following three things: > > * Generate version info from my VCS > * Generate

Re: [Distutils] Malicious packages on PyPI

2017-06-03 Thread Wes Turner
On Thu, Jun 1, 2017 at 10:46 PM, Pandu Poluan wrote: > +1 for transitive trust. > > At the base/simplest level, `pip` would trust any packages trusted by PyPI. > > More advanced users / more security-oriented installation can add > additional "required trusts". > > Maybe another special "PyPI Cur

Re: [Distutils] Malicious packages on PyPI

2017-06-03 Thread Pandu Poluan
+1 for transitive trust. At the base/simplest level, `pip` would trust any packages trusted by PyPI. More advanced users / more security-oriented installation can add additional "required trusts". Maybe another special "PyPI Curator" pseudo-user. All packages whose signing key is trusted by PyPI

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Paul Moore
On 3 June 2017 at 11:09, Thomas Kluyver wrote: > More generally, though, I'd question why you don't want those files to > be in an sdist? Why should an sdist be any different to a snapshot of > your VCS at release time, including all of your thoughts and tools used > in development? Installation w

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Nick Coghlan
On 3 June 2017 at 20:09, Thomas Kluyver wrote: > On Sat, Jun 3, 2017, at 10:55 AM, Paul Moore wrote: >> This is getting very off-topic, but what if I wanted to patch the >> source and then build an sdist to put into my local PyPI index? I >> presume the answer is that I either have to check out the

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Nick Coghlan
On 3 June 2017 at 19:45, Thomas Kluyver wrote: > On Sat, Jun 3, 2017, at 03:14 AM, Nathaniel Smith wrote: >> If the pip devs don't trust build systems in general, but (as >> suggested by copy_files discussion) are ok with trusting them if they >> promise to be super trustworthy, alternate proposal

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Thomas Kluyver
On Sat, Jun 3, 2017, at 10:55 AM, Paul Moore wrote: > This is getting very off-topic, but what if I wanted to patch the > source and then build an sdist to put into my local PyPI index? I > presume the answer is that I either have to check out the original > sources from VCS or I have to build only w

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Paul Moore
On 3 June 2017 at 10:45, Thomas Kluyver wrote: >> One thing that's not clear to me: a crucial use case for sdists is (1) >> download, (2) unpack, (3) patch the source, possibly adding new files, >> (4) build and install. (After all, the whole reason we insist on >> distributing sdists is that open

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Paul Moore
On 3 June 2017 at 04:53, C Anthony Risinger wrote: > I want to make sure I understand what I'd need to do, as a user, in a post > PEP 517 world. Say I wanted to accomplish the following three things: > > * Generate version info from my VCS > * Generate .h and .c from .pyx or cffi's out-of-line API

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Thomas Kluyver
On Sat, Jun 3, 2017, at 03:14 AM, Nathaniel Smith wrote: > If the pip devs don't trust build systems in general, but (as > suggested by copy_files discussion) are ok with trusting them if they > promise to be super trustworthy, alternate proposal: > - add an 'in_place_build_safe = True' hook, which

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Paul Moore
On 3 June 2017 at 08:47, Donald Stufft wrote: > > That also means that we can adjust our answer to it in the future. If such a > tool gets built and a lot of people end up using it and asking for it in > pip, we can revisit that decision in a future version of pip. Part of the > stand off here is

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Paul Moore
On 3 June 2017 at 09:59, Paul Moore wrote: > On 3 June 2017 at 03:14, Nathaniel Smith wrote: >> So far my belief is that packages with expensive build processes are >> going to ignore you and implement, ship, document, and recommend the >> direct source-tree->wheel path for developer builds. You

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Paul Moore
On 3 June 2017 at 03:14, Nathaniel Smith wrote: > So far my belief is that packages with expensive build processes are > going to ignore you and implement, ship, document, and recommend the > direct source-tree->wheel path for developer builds. You can force the > make-a-wheel-from-a-directory-wit

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Donald Stufft
> On Jun 3, 2017, at 1:40 AM, Nathaniel Smith wrote: > > On Fri, Jun 2, 2017 at 8:38 PM, Donald Stufft wrote: >> >> On Jun 2, 2017, at 10:14 PM, Nathaniel Smith wrote: >> >>> So far my belief is that packages with expensive build processes are >>> going to ignore you and implement, ship, doc

Re: [Distutils] Provisionally accepting PEP 517's declarative build system interface

2017-06-03 Thread Nick Coghlan
On 3 June 2017 at 15:53, Nathaniel Smith wrote: > That's not what I'm talking about. The case I'm talking about is, > like, a baby dev taking their first steps, or someone trying to get a > build of a package working on an unusual system: > > git clone /numpy.git > cd numpy > # edit some file,