setuptools requirement in setup.py:install_requires is unsafe #187

Closed
sevein opened this issue Apr 4, 2020 · 1 comment · Fixed by #188

sevein commented Apr 4, 2020

0.5 day

setup.py:install_requires lists setuptools but that's generally considered unsafe. E.g.: it may inadvertently upgrade the setuptools package in the user environment.

I introduced that requirement accidentally back when I added fido.__version__ in d6d1071. Likely because of a problem with my development setup.

sevein commented Apr 4, 2020

If we eventually identify that fido needs a minimum setuptools version to build correctly, that constraint should be described in the build environment, not in the execution environment. E.g.: it could be listed in requirements/packaging.txt or in the new pyproject.toml like in this example.

An alternative is to use setup_requires. That's what pytest seems to be doing.

@carlwilson carlwilson added bug A product defect that needs fixing P2 Medium priority issues to be scheduled in a future release labels May 5, 2020
@carlwilson carlwilson added this to the v1.6 milestone May 5, 2020
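
A check for the problem this issue describes, as an added example that is not fido's code and not part of the thread: it parses a setup.py with `ast` and reports `install_requires` entries that name a build-only package, while leaving `setup_requires` alone. The `BUILD_ONLY` set, the function names and `SAMPLE` are assumptions constructed for illustration.

```python
import ast
import re

# Assumption: packages that belong in the build environment only.
# setuptools is the one named in the issue; extend the set as needed.
BUILD_ONLY = {"setuptools"}

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def _norm(spec):
    """Return the PEP 503-normalised project name of a requirement string."""
    m = _NAME.match(spec)
    return re.sub(r"[-_.]+", "-", m.group(1)).lower() if m else None


def _strings(node, assigns):
    """Resolve a list/tuple literal, or a name bound to one, to its strings."""
    if isinstance(node, ast.Name):
        node = assigns.get(node.id)
    if not isinstance(node, (ast.List, ast.Tuple)):
        return []
    return [e.value for e in node.elts
            if isinstance(e, ast.Constant) and isinstance(e.value, str)]


def build_tools_in_install_requires(source):
    """Return install_requires entries that name a build-only package."""
    tree = ast.parse(source)
    # Module-level `NAME = [...]` assignments, so install_requires=NAME resolves.
    assigns = {t.id: n.value for n in tree.body if isinstance(n, ast.Assign)
               for t in n.targets if isinstance(t, ast.Name)}
    hits = []
    for call in ast.walk(tree):
        if not isinstance(call, ast.Call):
            continue
        fn = call.func
        if getattr(fn, "id", None) != "setup" and getattr(fn, "attr", None) != "setup":
            continue
        for kw in call.keywords:
            if kw.arg == "install_requires":
                hits += [s for s in _strings(kw.value, assigns)
                         if _norm(s) in BUILD_ONLY]
    return hits


# Constructed sample, not fido's actual setup.py.
SAMPLE = '''
from setuptools import setup
REQS = ["setuptools", "six>=1.10", "olefile"]
setup(name="example", install_requires=REQS, setup_requires=["setuptools>=40"])
'''

if __name__ == "__main__":
    print(build_tools_in_install_requires(SAMPLE))
```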