
Why are dependency links in setup.py deprecated?

There are quite a few people wondering about an alternative to dependency links in setup.py (activated with the pip flag --process-dependency-links): "What is the alternative to using --process-dependency-links with pip" and "Depend on git repository in setup.py". Basically, I got bitten by the deprecation warning:

"DEPRECATION: Dependency Links processing has been deprecated and will be removed in a future release."

Some people have suggested using requirements.txt; however, that is not an alternative, as it is meant to provide an entire environment, usually more associated with development. The install_requires is supposed to provide a sort of minimum set of libraries that are necessary to work with the standard functionality, so that when you do something like pip install [LIBRARY], everything needed is installed, without any further pip install -r requirements.txt (I am referring to cases in which the LIBRARY parameter of pip install [LIBRARY] would come in the form of a URL like git+http:\\github.com\username\repo.git).

My issue with the deprecation is that I cannot reference internal/private packages, but I can also see how this could be a problem if it is required to reference a particular commit or branch in git (at least I know I had done this in the past).

All that said, the use of dependency_links is complicated, e.g. the syntax is not always clear, there exist several ways of specifying URLs, and people tend to forget that they have to put the name-version of the library in both the dependency_links and the install_requires lists. I would like to hear that this deprecation is in favor of an improvement, but that doesn't seem to be the case.

So, to summarize, what is the reason for deprecating dependency links? Is the deprecation of dependency links in favour of a better alternative? It doesn't seem that there is an alternative.

toto_tico asked Sep 20 '17 11:09


1 Answer

PEP 508 URL dependencies are the alternative for dependency-links. You can find more details about that in my related answer.


What is the reason for deprecating dependency links?

Security. When dependency links are enabled, pip can be made to fetch arbitrary URLs from the internet and run code from them -- something that is obviously not a good idea.

You can read more about it in the original thread proposing this: https://mail.python.org/pipermail/distutils-sig/2013-October/022937.html

pradyunsg answered Oct 26 '22 19:10
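Because a PEP 508 URL dependency still tells pip to fetch and build code from a URL, the entries in install_requires are worth auditing before release. The check below is an added example, not code from the question, the answer, pip or setuptools; the function names and the sample list are constructed, and it assumes pip's `repo@<rev>` form for VCS URLs and `#sha256=...` fragments for archive URLs.

```python
import re
from urllib.parse import urlsplit

# PEP 508 direct reference: "name[extras] @ url ; marker"
_DIRECT = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*@\s*(\S+)")
_SHA1 = re.compile(r"^[0-9a-f]{40}$")
_HASH_FRAGMENT = re.compile(r"(?:^|&)(sha256|sha384|sha512)=[0-9a-f]+")
VCS_PREFIXES = ("git+", "hg+", "svn+", "bzr+")

# Constructed sample of install_requires entries (hosts and names are placeholders).
SAMPLE = [
    "requests>=2.0",
    "internal-lib @ git+http://github.com/username/repo.git",
    "pinned-lib @ git+https://github.com/username/repo.git@" + "a" * 40,
    "branch-lib @ git+https://github.com/username/repo.git@main",
    "tarball-lib @ https://example.com/tarball-lib-1.0.tar.gz",
]


def audit_requirement(req):
    """Return (name, findings) for one install_requires entry."""
    m = _DIRECT.match(req)
    if not m:
        # Plain "name>=1.0" specifier: resolved from the configured index.
        name = re.split(r"[\s<>=!~;\[]", req.strip(), maxsplit=1)[0]
        return name, []
    name, url = m.group(1), m.group(2)
    findings, parts = [], urlsplit(url)
    scheme = parts.scheme.lower()
    is_vcs = scheme.startswith(VCS_PREFIXES)
    transport = scheme.split("+", 1)[1] if is_vcs else scheme
    if transport not in ("https", "ssh", "file"):
        findings.append("insecure-transport")
    if is_vcs:
        # The revision follows the last "@" in the path: repo.git@<rev>
        rev = parts.path.rsplit("@", 1)[1] if "@" in parts.path else ""
        if not _SHA1.match(rev):
            findings.append("unpinned-revision")  # branch/tag/default can move
    elif not _HASH_FRAGMENT.search(parts.fragment):
        findings.append("no-archive-hash")
    return name, findings


def audit(install_requires):
    """Map each flagged requirement name to its list of findings."""
    return {n: f for n, f in map(audit_requirement, install_requires) if f}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A requirement pinned to a full commit SHA over https or ssh passes; a branch name, a missing revision, plain http, or an archive URL without a hash fragment is reported.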