-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hanno Schlichting wrote: > Chris Withers wrote: >> Dieter Maurer wrote: >>> Tres has earlier proposed a meta egg to represent "versions.cfg" in >>> a setuptools only (non buildout) environment. >>> >>> A meta egg is an egg that only list dependencies and does not contain >>> code of its own. >> Indeed, so we'd need 2 eggs for Zope 2 :-( >> >> Something I bumped into recently: >> >> If the Zope 2 egg actually hard-specifies its dependencies, how do I >> upgrade any of those dependencies to newer versions that fix bugs i may >> have encountered/fixed? > > You roll your own meta egg. You cannot override hard version > specifications inside a setup.py. > > In all other debates we seemed to agree on not over specifying > requirements in setup.py files, I wonder why anybody still tries to > follow this route.
Maybe because it makes for a predictable / reproducible installation? After all, the 2.12a1 egg already released is now broken under easy_isntall becasse it *doesn't* nail down its dependencies. Predicatbility requires one of the following: - - Run an index, and make people install from there rather than PyPI; at that point, you are a "distribution" maintainer, and can ensure consistency. Users who trust you can "safely" upgrade at will, because you are responsible for ensuring that the eggs in the index work together. - - Release a nailed-down egg (or the equivalent buildout.cfg / versions.cfg, and let people install from PyPI. Upgrades are not really safe: you won't get borked by newly released eggs, but removed / re-uploaded eggs can still hose you. - - Release some kind of monolith, generated from the same metadata as above. Upgrades aren't really possible here: you have to release a new version of the monolith. > Let's see what other people who want to support easy_install do: They > require you to use virtualenv and create a links page, which has all the > dependencies in all the required versions on it: > > http://pylonshq.com/download/0.9.7/ > http://www.turbogears.org/2.0/downloads/2.0final/ > http://dist.repoze.org/zope2/dev/ > http://dist.plone.org/release/3.3rc2/ > > In order to install from on of these you do for example: > > easy_install -f http://pylonshq.com/download/0.9.7 Pylons You want '-i' and the index URL, not '-f' and the "directory-containing- tarballs" URL. > and that's it. Some projects package up the multiple steps (including > installing setuptools) into a little helper script. > > As you might notice all that is required is a known URL and Apache > serving a bunch of files directly. Without supplying the '-i' ('--index-url') flag, you are still subject to the variability of PyPI. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ4NRD+gerLs4ltQ4RAjepAKCRsCzEHTcOnPpqE53Cs8Q0+WSdxACfZ7Zq LupGqM494WgV5QMAWl4X/HY= =NCYV -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )