Gentoo Archives: gentoo-dev

From: Torokhov Sergey <torokhov-s-a@××××××.ru>
To: "gentoo-dev@l.g.o" <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] dev-python/ package naming policy?
Date: Sat, 28 Jan 2023 23:15:27
Message-Id: 2619211674946765@mail.yandex.ru
In Reply to: [gentoo-dev] dev-python/ package naming policy? by "Michał Górny"
Similar names on PyPI are a real problem for users when trying to find associated packages. It could also be a security issue for them, with malicious packages named like popular packages.
So in ::guru I try to keep the package naming even if it's too CamelCase.
As for replacing the dot (".") with a hyphen ("-"): I have the PyPI package "FoBiS.py", which is packaged in ::guru just as "FoBiS", as I wasn't sure whether it was worth keeping the ".py" suffix while the GitHub repo of this project is just "FoBiS". So there could be a problem if a package named "fobis" appears on PyPI.
28.01.2023, 19:38, "Michał Górny" <mgorny@g.o>:

Hi, everyone.

TL;DR: I'd like to propose naming dev-python/* packages following PyPI
names whenever possible, case-preserving, with modifications only when
necessary to match PN rules.


So far the naming in dev-python/* hasn't been exactly consistent.
Myself I've been mostly following "whatever's the easiest" policy which
generally meant following GitHub project names whenever we fetched from
there.

This mostly made sense so far, as I've been thinking of dev-python/
primarily in terms of dependencies of other packages. However, it's
been pointed out that this makes it hard for people to find packages
they're looking for.

The vast majority of packages in dev-python/ are also published on PyPI
[1]. They can afterwards be installed using tools such as pip, or
specified as dependencies of other projects - using their PyPI names
in every case.

On top of that, it is not unknown for multiple packages with very
similar names to coexist, say "foo", "pyfoo" and "python-foo". When GH
project names come into the picture, this can get even more ambiguous.
Don't even get me started about developers pushing duplicate packages
because they didn't find the existing instance.


To improve consistency and make packages easier to find, I'd like to
propose going forward that when packages are published on PyPI, we use
their official PyPI names. This also means preserving the case for
the few packages that use CamelCase names and similar.

Some modifications will be necessary. For example, it is legal for PyPI
package names to include dot (".") - we normally translate that to a
hyphen ("-"). We may also have use cases for creating multiple Gentoo
packages from the same PyPI package (see e.g. dev-python/ensurepip-*).
Then, there are of course Python packages that aren't published on PyPI.

Still, I think as a general rule of thumb this would make sense. WDYT?


[1] https://pypi.org/

--
Best regards,
Michał Górny
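
An added example, not part of the thread: it audits a package list for the "FoBiS" situation raised in the reply, using PyPI's PEP 503 name normalization together with the dot-to-hyphen rule from the proposal. The package mapping and the index are constructed sample data, and the "fobis" project in it is hypothetical.

```python
import re
from collections import defaultdict


def pep503_normalize(name):
    """PyPI name equivalence (PEP 503): runs of '-', '_', '.' become '-', lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()


def gentoo_pn(pypi_name):
    """Rule proposed in the thread: keep the case, translate dots to hyphens."""
    return pypi_name.replace(".", "-")


def audit(packaged, pypi_index):
    """packaged: {Gentoo PN: PyPI project it is built from}.
    pypi_index: PyPI project names to compare against.
    Returns (pn, kind, detail) tuples:
      renamed  - PN differs from the policy name (detail = policy name)
      shadowed - PN normalizes to a *different* PyPI project (detail = it)
    """
    by_norm = defaultdict(set)
    for project in pypi_index:
        by_norm[pep503_normalize(project)].add(project)

    findings = []
    for pn, upstream in sorted(packaged.items()):
        expected = gentoo_pn(upstream)
        if pn != expected:
            findings.append((pn, "renamed", expected))
        # If PN and upstream normalize alike, PyPI treats them as one project.
        if pep503_normalize(pn) != pep503_normalize(upstream):
            for other in sorted(by_norm.get(pep503_normalize(pn), ())):
                findings.append((pn, "shadowed", other))
    return findings


# Constructed sample data; "fobis" is a hypothetical later upload.
PACKAGED = {"FoBiS": "FoBiS.py", "zope-interface": "zope.interface"}
PYPI_INDEX = ["FoBiS.py", "zope.interface", "fobis"]

if __name__ == "__main__":
    for pn, kind, detail in audit(PACKAGED, PYPI_INDEX):
        print(f"{pn}: {kind} -> {detail}")
```

A "shadowed" finding means that a user who searches PyPI for the Gentoo name lands on a project other than the one actually packaged.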

Replies

Subject Author
Re: [gentoo-dev] dev-python/ package naming policy? "Michał Górny" <mgorny@g.o>
Re: [gentoo-dev] dev-python/ package naming policy? John Helmert III <ajak@g.o>