setuptools requirement in setup.py:install_requires is unsafe

openpreserve / fido

Format Identification for Digital Objects (FIDO) is a Python command-line tool to identify the file formats of digital objects. It is designed for simple integration into automated work-flows.

http://openpreservation.org/technology/products/fido/

Other

148 stars 47 forks source link

setuptools requirement in setup.py:install_requires is unsafe #187

Closed sevein closed 4 years ago

sevein commented 4 years ago

0.5 day

setup.py:install_requires lists setuptools but that's generally considered unsafe. E.g.: it may inadvertently upgrade the setuptools package in the user environment.

I introduced that requirement accidentally back when I addded fido.__version__ in https://github.com/openpreserve/fido/commit/d6d10713420e74f18d652c3a8b6cb2e3bb31de13. Likely because a problem with my development setup.

sevein commented 4 years ago

If we eventually identify that fido needs a minimum setuptools version to build correctly, that constraint should be described in the build environment, not in the execution environment. E.g.: it could be listed in requirements/packaging.txt or in the new pyproject.toml like in this example.

An alternative is to use setup_requires. That's what pytest seems to be doing.