鸡蛋被认为有害 [英] eggs considered harmful
问题描述
....至少在这里。
我运行一个企业开源软件工具包,它可以提供数百个图书馆和应用程序成千上万的技术员工。
规则是:a)极少数授权下载者获得
tarball并将其放入仓库中; b)其他用户从
从源代码开始构建和构建。
从历史上看,python包在这种情况下运行良好。安装
是一个简单的下载,解压,setup.py构建/安装。
鸡蛋和其他安装工具灵感的安装过程打破了这个
范例。首先,tarball是不完整的。构建
有时会徘徊在互联网上寻找更多下载。
安装有时会徘徊到互联网上寻找
兼容性条件。 (或者他们试图这样做并且失败
因为我不让他们通过防火墙。)
这些是不可接受的行为。我正在放弃ZODB3,并且
正在考虑放弃TurboGears和ZSI。如果鸡蛋范例
差价,那么更多的套餐会被丢弃(或永远不会有机会
来竞争加成)。
之前我已经问过了,我会再问:如果你正在做一个Python
项目,请提供一个自给自足的tarball。你可以有
可以有依赖关系,只要它们被记录下来并且可以通过单独的手动下载获得
。
谢谢你听取。
-
Harry George
PLM工程架构
Harry George< ha ************ @ boeing.comwrites:
[...]
这些是不可接受的行为。我正在放弃ZODB3,并且
正在考虑放弃TurboGears和ZSI。如果鸡蛋范例
差价,那么更多的套餐会被丢弃(或永远不会有机会
来竞争加成)。
之前我已经问过了,我会再问:如果你正在做一个Python
项目,请提供一个自给自足的tarball。你可以有
依赖,只要它们有文件记录,并且可以通过单独的手动下载获得
。
1.考虑到你自己的消息的冒昧语气,我想我不会在
中遇到更加粗鲁的危险当你指出
时,你的要求就是:你自己的。世界其他地方
不会*总是向后倾斜,以支持你最喜欢的b
。
2.您可以运行自己的私有鸡蛋存储库。 IIRC,它就像一个鸡蛋目录和一个普通的老式网络服务器一样简单
,目录
列表打开。然后运行easy_install -f URL package_name
而不是easy_install package_name。 distutils-sig档案
将有更多这方面。
3.或者,您可以创建包含
的捆绑包依赖(也许zc.buildout可以为你做,甚至?不确定)
John
Harry George写道:
< blockquote class =post_quotes>
...至少在这附近。
我运行一个企业开源软件工具包,这使得数百个
$ b $成千上万的技术员工可以使用图书馆和应用程序。
规则是:a)很少有授权下载者获得
tarball并将它们放入仓库中b)其他用户从软件仓库获取tarball,并从源代码构建。
从历史上看,python软件包在这种情况下运行良好。安装
是一个简单的下载,解压,setup.py构建/安装。
鸡蛋和其他安装工具灵感的安装过程打破了这个
范例。首先,tarball是不完整的。构建
有时会徘徊在互联网上寻找更多下载。
安装有时会徘徊到互联网上寻找
兼容性条件。 (或者他们试图这样做并且失败
因为我不让他们通过防火墙。)
你考虑过吗?建立一个策略,使用
install命令的--single-version-external-managed选项安装这些setuptools-using软件包
?这不会检查依赖关系。
或者,您可以提供tar包的公司存储库及其
依赖关系tarball。您的用户可以使用easy_install选项 - 找到指向该URL的
链接,这样他们就不必离开防火墙,以便安装所有内容。
这些是不可接受的行为。我正在放弃ZODB3,并且
正在考虑放弃TurboGears和ZSI。如果鸡蛋范例价值b
,那么更多的包裹将会被丢弃(或永远不会有机会获得额外的奖金)。
听到这个消息我很抱歉。
之前我问过,我再问一遍:如果你正在做一个Python
项目,请提供一个自给自足的tarball。你可以有
依赖,只要它们有文件记录,并且可以通过单独的手动下载获得
。
鉴于我上面列出的选项,您可以轻松满足这些要求
绝大多数setuptools - 使用包在那里。还有
a少数只能分发鸡蛋而不是源码包的包裹,
但这些很少见。
- -
Robert Kern
我开始相信整个世界都是一个谜,一个无害的谜团
我们疯狂地试图解释它,好像它有一个潜在的真相。
- Umberto Eco
Harry George< ha ************ @ boeing.comwrites:
历史上, python包在这种情况下发挥得很好。安装
是一个简单的下载,解压,setup.py构建/安装。
鸡蛋和其他安装工具灵感的安装过程打破了这个
范例。首先,tarball是不完整的。构建
有时会徘徊在互联网上寻找更多下载。
安装有时会徘徊到互联网上寻找
兼容性条件。 (或者他们试图这样做并且失败
因为我不让他们通过防火墙。)
如果你提供包含所有依赖项的构建和安装脚本
已经存在
(在当前目录中),我的经验是
setuptools不执行任何网络操作。
-
\自尊:安全的感觉,至今还没有人|
` \可疑" - Henry L. Mencken |
_o__)|
Ben Finney
....at least around here.
I run a corporate Open Source Software Toolkit, which makes hundreds
of libraries and apps available to thousands of technical employees.
The rules are that a) a very few authorized downloaders obtain
tarballs and put them in a depot and b) other users get tarballs from
the depot and build from source.
Historically, python packages played well in this context. Install
was a simple download, untar, setup.py build/install.
Eggs and with other setuptools-inspired install processes break this
paradigm. The tarballs are incomplete in the first place. The builds
sometimes wander off to the internet looking for more downloads. The
installs sometimes wander off to the internet looking for
compatibility conditions. (Or rather they try to do so and fail
because I don''t let themn through the firewall.)
These are unacceptable behaviors. I am therefore dropping ZODB3, and
am considering dropping TurboGears and ZSI. If the egg paradigm
spreads, yet more packages will be dropped (or will never get a chance
to compete for addition).
I''ve asked before, and I''ll ask again: If you are doing a Python
project, please make a self-sufficient tarball available as well. You
can have dependencies, as long as they are documented and can be
obtained by separate manual download.
Thanks for listening.
--
Harry George
PLM Engineering Architecture
Harry George <ha************@boeing.comwrites:
[...]These are unacceptable behaviors. I am therefore dropping ZODB3, and
am considering dropping TurboGears and ZSI. If the egg paradigm
spreads, yet more packages will be dropped (or will never get a chance
to compete for addition).
I''ve asked before, and I''ll ask again: If you are doing a Python
project, please make a self-sufficient tarball available as well. You
can have dependencies, as long as they are documented and can be
obtained by separate manual download.1. Given the presumptuous tone of your own message, I guess I''m not in
danger of coming across as more rude than you when I point out that
your requirements are just that: your own. The rest of the world
won''t *always* bend over backwards to support just exactly what you''d
most prefer.
2. You can run your own private egg repository. IIRC, it''s as simple
as a directory of eggs and a plain old web server with directory
listings turned on. You then run easy_install -f URL package_name
instead of easy_install package_name . The distutils-sig archives
will have more on this.
3. Alternatively, you could create bundled packages that include
dependencies (perhaps zc.buildout can do that for you, even? not sure)
John
Harry George wrote:...at least around here.
I run a corporate Open Source Software Toolkit, which makes hundreds
of libraries and apps available to thousands of technical employees.
The rules are that a) a very few authorized downloaders obtain
tarballs and put them in a depot and b) other users get tarballs from
the depot and build from source.
Historically, python packages played well in this context. Install
was a simple download, untar, setup.py build/install.
Eggs and with other setuptools-inspired install processes break this
paradigm. The tarballs are incomplete in the first place. The builds
sometimes wander off to the internet looking for more downloads. The
installs sometimes wander off to the internet looking for
compatibility conditions. (Or rather they try to do so and fail
because I don''t let themn through the firewall.)Have you considered establishing a policy that these setuptools-using packages
should be installed using the --single-version-externally-managed option to the
install command? This does not check for dependencies.
Alternately, you can provide a company repository of the tarballs and their
depedencies tarballs. Your users can use the easy_install option --find-links to
point to that URL such that they do not have to go outside of the firewall to
install everything.
These are unacceptable behaviors. I am therefore dropping ZODB3, and
am considering dropping TurboGears and ZSI. If the egg paradigm
spreads, yet more packages will be dropped (or will never get a chance
to compete for addition).I''m sorry to hear that.
I''ve asked before, and I''ll ask again: If you are doing a Python
project, please make a self-sufficient tarball available as well. You
can have dependencies, as long as they are documented and can be
obtained by separate manual download.Given the options I outlined above, you can easily satisfy these requirements
for the vast majority of setuptools-using packages that are out there. There are
a handful of packages that only distribute the eggs and not the source tarballs,
but those are rare.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
Harry George <ha************@boeing.comwrites:
Historically, python packages played well in this context. Install
was a simple download, untar, setup.py build/install.
Eggs and with other setuptools-inspired install processes break this
paradigm. The tarballs are incomplete in the first place. The builds
sometimes wander off to the internet looking for more downloads. The
installs sometimes wander off to the internet looking for
compatibility conditions. (Or rather they try to do so and fail
because I don''t let themn through the firewall.)If you provide the build and install script with all the dependencies
already present (in the current directory), my experience is that
setuptools does not do any network actions.
--
\ "Self-respect: The secure feeling that no one, as yet, is |
`\ suspicious." -- Henry L. Mencken |
_o__) |
Ben Finney
这篇关于鸡蛋被认为有害的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
