Jiri Horner <laeqten_at_gmail.com> schrieb am Fr., 3. Juni 2016 um 16:14 Uhr:
> Have you considered integrating pip with apk? Like `apk add py-foo` would
> invoke pip to install `foo` for you and manage upgrades too. I was using
> script that did something similar, so I don't need to switch between apk
> pip and it was quite comfortable.
> This way it'll be only needed to maintain packages that need patches and
> python packages would remain fist-class citizens and they would be
> upgraded with
> system packages. Also packaged applications could declare dependencies on
> in PyPI easily.
I am very much against this.
apk should only offer packages for which we can
a) verified content, pypi packages are not even signed, installing them
does warrent special security considerations since installing python
packages from pypi usually means running setup.py, in a system-wide
installation probably as root.
b) dependency management will be difficult, as several python packages have
non-python dependencies. Often these need to invoke a compiler to build
c) apk should only install things for which we can guarantee (to a degree)
that they are functional on alpine, which is pretty much impossible for
pypi packages, especially if b) applies.
Natanael Copa <ncopa_at_alpinelinux.org> schrieb am Fr., 3. Juni 2016 um
> 1. clean up. (figure out what we can remove and remove it)
> 2. rename py-* to py2-*
> 3. add py3-*
While we are at it, we should probably check which of the remaining
packages need to remain in main and which ones can be moved to community.
Received on Fri Jun 03 2016 - 16:10:48 GMT