[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] PEP 594: Removing dead batteries from the standard library

The PEP title is prejudicial and inaccurate. These aren't "dead 
batteries", these are *working batteries* that you want to remove.

If you want a fair and open debate on this, please change the title to 
something less prejudicial. If this were my PEP, I'd call it "Removing 
unloved batteries from the standard library".

On Mon, May 20, 2019 at 10:15:22PM +0200, Christian Heimes wrote:

> Times have changed. The introduction of the cheese shop (PyPI), setuptools,
> and later pip, it became simple and straight forward to download and install
> packages. Nowadays Python has a rich and vibrant ecosystem of third party
> packages. It's pretty much standard to either install packages from PyPI or
> use one of the many Python or Linux distributions.

Christian, I'm glad that you are privileged enough to find it simple and 
straight forward to download and install, but for many Python users, it 
is not so simple or straight forward.

Many Python users don't have the privilege of being able to install 
arbitrary, unvetted packages from PyPI. They get to use only packages 
from approved vendors, including the stdlib, what they write themselves, 
and nothing else. Please don't dismiss this part of the Python community 
just because they don't typically hang around in the same forums we do.

I've worked with organisations where downloading and installing software 
from the internet was grounds for instant dismissal. I've worked with 
organisations with regulatory requirements to do due-dilegance on their 
entire software stack, and getting permission to install an unapproved 
library could take 3-6 months elapsed time and dozens of person-hours, 
including a full review of the licencing and copyright by lawyers.

I've also worked with kids using school computers who don't have either 
the legal permission or the knowledge to use pip install.

Sometimes their school administrators are ... how shall I put this 
kindly? ... over zealous in their efforts to protect the students from 
malware and spyware (apart from the school's own spyware, of course...) 
and rather lacking in their understanding of the difference between 
piracy and Open Source software. Getting Python installed by the school 
admiinistrator is one thing, but allowing the kids to run pip and 
install software themselves is unthinkable.

And remember, in some juristictions, installing software from the 
internet can put you in breach of some draconian laws. At the very 
least, kids may face expulsion.

Despite all the advances in packaging and installation, many people 
still do have trouble installing third-party software. Internet forums 
are full of people asking for help troubleshooting pip install.

"Simple and straight forward" it might be for an expert, but many Python 
users are not experts. The Internet is full of difficult, conflicting 
and/or bad advice about installing software ("just use sudo pip 
install"). Let's look at this advice from Red Hat:

    If you want to use third-party packages, create a virtual 
    environment using python3 -m venv --system-site-packages myenv 
    (or for Python 2, install python2-virtualenv and run python2 
    -m virtualenv --system-site-packages myenv). Then, activate 
    the environment using source myenv/bin/activate, and install 
    packages into it using pip install. The packages will then be 
    available as long as the environment is activated.


That's some serious barrier to entry right there. We're going from:

    batteries included


    what's a virtual enviroment? what's activation? why isn't pip 
    working for me?

I know that saying anything against pip and virtual environments is 
heresy, but honestly, "just install it from PyPI" is not friendly to 
beginners or those who just want something that works without a load of 
extra complexity.