New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ez_setup.py accepts unused 'delay' parameters in several of its functions #173
Comments
Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco): @jurko would you be willing to trace the code ancestry, maybe looking at setuptools 0.6 and distribute, to see if this parameter was ever used? If it was, it would be very useful to know when it was no longer honored, even if just for documentation purposes. |
Original comment by jurko (Bitbucket: jurko, GitHub: jurko): I don't think I've ever seen it honored. I just checked out the Hmmm, but 0.6c8 has something related to it:
I'll try to track down exactly where it got changed... |
Original comment by jurko (Bitbucket: jurko, GitHub: jurko): Found it - removed in the distribute project.
Removed in the file Before the script really did sleep for a given number of seconds before initiating the setuptools egg download. The default delay time was 15 seconds. It could be specified externally (i.e. using a public interface) via And since I assume most installations wanted for their download to start as soon as possible, they would in general really specify that parameter and set it to That means that some older package installations may still be doing that simply because 'that's the way it's always been done'. If that is so, then simply removing this parameter would not be something you'd want to do without a depreciation period. My suggestion, after seeing this, is that you output a very visible warning message about this parameter having no meaning, and how it should not be used as it has been marked as deprecated and will be removed in some future setuptools release. And then schedule actually removing it at some later time, e.g. in a year or two. 😄 You can do the usage check safely by defining a local Hope this helps. Best regards, |
Original comment by jurko (Bitbucket: jurko, GitHub: jurko): This is a patch for
I noticed that the internal Otherwise, my intention was to add some tests to it like the following (N.B. untested and requires further refactoring to avoid code duplication):
Without going much deeper into its implementation, it seems to me that this test script might have gone stale and has not been kept updated. Possibly because the regular setuptools test suite (run using Hope this helps. Best regards, |
Original comment by pje (Bitbucket: pje, GitHub: pje): FYI, the original reason for having a delay was to allow the user to prevent ez_setup.py from even starting to download code over the internet, as a side effect of manually installing a package from source. At the time the code was written, some people would really freak out about this sequence of events:
The banner was placed there in order to give people a warning and explanation of what was happening, while also giving them a chance to abort the process and do it manually, instead of either freaking them out or else hanging on an absent network connection. Both scenarios (i.e "WTF is this" and "why doesn't your crappy software handle disconnected installs") were complained about bitterly when ez_setup first landed -- so I added the warning and delay, and the complaints got less frequent and considerably less bitter. I'm not sure why distribute removed this; maybe they thought that if you were running their ez_setup then you knew all about this already, and just didn't think about end users in the third-party install scenario, where they are running some random setup.py and not expecting downloading to take place. |
Original comment by jurko (Bitbucket: jurko, GitHub: jurko): Ok, I'm a bit confused here. Was that not something that package X was supposed to take care of? I mean - it decided to use I don't really see someone would find this to be the setuptools' fault. It clearly advertises what ez_setup.py is for and what you get when you use it. Package X can always choose to not use Or is there something I'm missing here? Best regards, |
Original comment by pje (Bitbucket: pje, GitHub: pje): Yes, people took up the issue with package X, by telling them not to use setuptools. ;-) As for package X bundling setuptools, the whole idea behind ez_setup.py was to make it possible for package X not to deal with bundling anything besides ez_setup.py, in order to give the user a one-step (or nearly so) installation process. So, if package X's maintainer has to jump through these hoops, using ez_setup became more of a pain, and the whole idea was for it to reduce the pain for both the developer and the end user. It's possible that at this point, almost a decade later, that "everybody knows" running "setup.py install" might cause code to be downloaded from the internet. What's more, it's much more common for people to already have pip or easy_install already on their system in the first place, so the issue never comes up. I'm not saying the message or the delay should be kept, per se; just explaining why it was there in the first place, to make sure the use case was known and understood, so that an informed decision can be made. |
Original comment by jurko (Bitbucket: jurko, GitHub: jurko): Here are some more random ramblings on the subject - hopefully they coalesce into something concrete by the time I'm done writing them. 😄 First of, if a package X can be written without its setup and/or runtime requiring setuptools, and can do so easily - it really should. Nuff' said... 😄 However, setuptools addresses some real problems encountered when preparing complex project setup & configuration procedures, e.g. automatically running py2to3 source code conversions, collecting a list of modules to be included in a distribution, managing dependencies, organizing a clean externally managed entry point repository accessible via a clean standardized API, etc. If a project encounters such problems, it can resolve them itself and pay the price of developing & maintaining that code base, or it can opt to use setuptools. The tradeoff here is for package X maintainers to make. Personally, now that setuptools development is active again, I generally opt to use setuptools freely. 😄 If a project opts to use setuptools as its dependency - that dependency needs to be installed somehow, same as with any other dependency - with the cost paid by project X and/or the user. Available options are discussed below. #Project X perspective# ##1. project X not having dependencies## Difficult for non-minimalistic projects, as it can require lots of custom coding & maintenance.
##2. user downloading/installing project X and its dependencies##
##3. project X distribution including its dependencies##
##4. project X installation downloads and installs the dependencies## This is the scenario that setuptools project's
All in all - someone, somewhere needs to pay the piper. 😄 #User perspective# Looking at this from the user's perspective - a user can want different things from package X, and as a user - I want it all! 😄
and all such use cases should be allowed. 😄 Project X should be able to decide the 'default behaviour' most suitable for its users, but users should be able to specify their desired behaviour explicitly. The horror @pje spoke of would relate to use cases where a user did not want an extra download. My first instinct tells me to attack that problem by instructing/helping project X provide command-line options explicitly choosing its behaviour, and selecting the 'default' it finds suitable for its users. I guess the 'show message & delay' technique can be supported as well, but I would definitely not make it the default behaviour 'when project X chooses nothing else'. Since setuptools is a package management solution, I guess project X could make a 'simple call' to one of its utility scripts like I guess one thing that does make the Hope this helps. Best regards, |
Hello, I think we should be able to close this considering the fact that If anyone would like to reopen this issue, please feel free to comment bellow with more information or other use cases that we might be missing 😄 |
Originally reported by: jurko (Bitbucket: jurko, GitHub: jurko)
setuptools project's ez_script.py script contains several functions taking a
delay
or a similar delay-like parameter that effectively gets ignored in the end.download_delay
inuse_setuptools()
--> forwarded to_do_download()
download_delay
in_do_download()
--> forwarded todownload_setuptools()
delay
indownload_setuptools()
--> ignoredMy suggestion would be to either remove those parameters or at least mark them as deprecated and scheduled for removal in some future setuptools version.
Best regards,
Jurko Gospodnetić
The text was updated successfully, but these errors were encountered: