[openstack-dev] Requests + urllib3 + distro packages

Thomas Goirand zigo at debian.org
Mon Oct 12 13:24:52 UTC 2015

Note: it's not my intention to restart a flame war about vendorizing of
urllib3 in requests, however, I can't let you write wrong things, and
the point of this message is only that, not discussing if requests
should stop vendorizing (I gave up a long time ago on any attempt to
convince upstream about this...).

On 10/09/2015 09:21 AM, Cory Benfield wrote:
> Additionally, getting *all* of
> Fedora/Debian/Ubuntu on board with not unbundling requests is about as likely
> as hell freezing over.

Debian + Ubuntu is only a single maintainer (Daniele Tricoli, plus the
Debian Python Module Team), and he will (for very valid reasons) not
want to do it. I support his decision.

The issue here isn't downstream distros though, but an upstream who
doesn't want to care about downstream. We're only trying to deal with
this, let's not spread the propaganda that the issue is in downstream
distros: it is *not*.

On 10/09/2015 03:58 PM, Cory Benfield wrote:
> As you correctly identify in your subsequent email, William, the
> core problem is mixing of packages from distributions and PyPI.

It's not. The core problem is vendorizing. It would work perfectly to do
such mix-up otherwise (see below).

On 10/09/2015 03:58 PM, Cory Benfield wrote:
> This happens with any tool with external dependencies: if you
> subsequently install a different version of a dependency using a
> packaging tool that is not aware of some of the dependency tree, it
> is entirely plausible that an incompatible version will be installed.
> It’s not hard to trigger this kind of thing on Ubuntu. IMO, what
> OpenStack needs is a decision about where it’s getting its packages
> from, and then to refuse to mix the two.

I regret to say it in such a direct way, but this is simply false. Pip
install'ed packages very easily co-exist with system install'ed
packages, because there's a central registry composed of a collection
of egg-info files. Just, the virtualenv will have precedence over the
system version. But if no package does vendorizing, mixing system
packages and virtualenv with pip install works perfectly. There's only
one issue with this: Python 3 and namespace. This is by the way one of
the reasons we removed the namespace from the Oslo libs, it didn't work
well for Python 3 and namespace to run tests for distributions.

Thomas Goirand (zigo)
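
Added example, not part of the original message or of any project named in it: a small audit that lists every registered copy of a library across an ordered search path (egg-info/dist-info metadata, highest precedence first) and separately finds copies bundled inside another package, which carry no metadata of their own. The directory layout, version numbers and helper names are constructed for illustration.

```python
import tempfile
from importlib import metadata
from pathlib import Path

def make_dist(root, name, version, style="dist-info"):
    """Write a metadata-only distribution (constructed sample data)."""
    info = Path(root) / f"{name}-{version}.{style}"
    info.mkdir(parents=True)
    meta = "METADATA" if style == "dist-info" else "PKG-INFO"
    (info / meta).write_text(
        f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")

def registered_copies(name, search_path):
    """(path entry, version) for each registered copy, highest precedence first."""
    return [(str(entry), dist.version)
            for entry in search_path
            for dist in metadata.distributions(path=[str(entry)])
            if dist.metadata["Name"] == name]

def vendored_copies(name, search_path):
    """Copies nested inside another package: importable, but with no metadata."""
    return [init.parent.relative_to(entry).as_posix()
            for entry in search_path
            for init in Path(entry).glob(f"*/**/{name}/__init__.py")]

def build_demo():
    """Constructed layout: a virtualenv site dir ahead of a system site dir."""
    venv, system = (Path(tempfile.mkdtemp(prefix=p)) for p in ("venv-", "system-"))
    make_dist(venv, "urllib3", "1.12")                        # pip-installed
    make_dist(system, "urllib3", "1.10.4", style="egg-info")  # distro package
    make_dist(system, "requests", "2.7.0", style="egg-info")
    bundled = system / "requests" / "packages" / "urllib3"    # vendored copy
    bundled.mkdir(parents=True)
    (bundled / "__init__.py").write_text("__version__ = 'constructed'\n")
    return [venv, system]

if __name__ == "__main__":
    path = build_demo()
    for entry, version in registered_copies("urllib3", path):
        print("registered:", version, "in", entry)
    for rel in vendored_copies("urllib3", path):
        print("vendored, unregistered:", rel)
```

For a security audit the second list is the one to watch: a copy found only by `vendored_copies` will not show up in a version check driven by package metadata, so it has to be tracked and patched separately.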
