Michael, I think you are missing the point.
easy_install tg.devtools is never going to work reliably. The best we can do is to create a hudson script to test the install daily (hourly?), and notify us if the install fails. It seems like the last release (2.1.4) may have missed the critical step of testing the install in a clean environment before it was shipped, which would have caught this WebOb versioning issue. Why is e_i never going to work reliably? The public Pypi changes over time and we don't control the vast majority of the packages that TG relies on. That means that we don't control what dependencies _those_ packages have either. There are other problems compounding the usage of Pypi. The Pylons package, for instance utilizes the find_links = http://www.pylonshq.com/download/ option in it's setup.cfg. What does easy_install do with this? As soon as it sees it, it sets the index to pylons' index, which means we can't use any versioning in our own dependency list. It's dumb, it sucks, it's _hard_ to work around, but not impossible. I've asked Ben to take find_links out, but he decided not to. We could try to get setuptools fixed (not likely). So, should we add our own find_links option? Well, I think this just makes the problem worse for downstream projects. For all the releases I have done for TG, I have recreated a custom Pylons package that removes the find_links option. This only works if we maintain a private index. I've spent HOURS trying to solve this problem. It's not really solvable. You can't use easy_install without -i and have reliability. I wrote basketweaver to make creating private indexes easier. So, the URL for -i is long. Here's a new one: http://bit.ly/tg_index I have not tested this works with easy_install, but I'm guessing they have redirects working properly. Sorry if this comes off a bit snippy. I don't think everyone has all the information to make the right choice on this quintessential decision about our framework. I think that all of the devs, and our users have to keep in mind that TG's strength is also it's greatest weakness. While it has quite a number of dependencies, it's these dependencies that allow us to do so much with so little. I think that if our users have arrived at TG, they have already decided that the cost of those dependencies is worth the effort. Our job is to make that as painless as possible, but it's not possible to solve every problem with a broken setuptools (easy_install) that cannot be updated. Oh, and for what it's worth. PLEASE don't lock down the dependent package versions. Our users will want to upgrade their packages without having to modify the deps of TG to do it. This is another thing that makes TG great. cheers. -chris -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To view this discussion on the web visit https://groups.google.com/d/msg/turbogears/-/LBbjUCpY1IUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
