In summary: - Uploading eggs that have loose install_requires dependencies to the cheeseshop is harmful. - Taking non-Zope-the-appserver deployments into account, I'd be suspicious of any "install_requires" dependency on "zope.configuration" except in a Zope-the-appserver meta-egg. - Same for the [zcml] extra when specifying 'zope.component' in install_requires. - The dependencies of zope.configuration seem not sane, transitively. - The dependencies of zope.component [zcml] seem not sane, transitively (although 'zope.component' without the [zcml] is reasonably sane). Details: I wanted to go use zope.pagetemplate in a small non-Zope project. When I did "easy_install zope.pagetemplate" (from PyPI) into a fresh virtual environment, it installed all of the following eggs: ./zope.pagetemplate-3.4.0-py2.4.egg ./zope.tal-3.4.0-py2.4.egg ./zope.tales-3.4.0-py2.4.egg ./zope.interface-3.4.1-py2.4-macosx-10.3-i386.egg ./zope.i18n-3.4.0-py2.4.egg ./zope.i18nmessageid-3.4.3-py2.4-macosx-10.3-i386.egg ./zope.configuration-3.4.0-py2.4.egg ./zope.component-3.4.0-py2.4.egg ./pytz-2007g-py2.4.egg ./zope.schema-3.4.0-py2.4.egg ./zope.deprecation-3.4.0-py2.4.egg ./zope.proxy-3.4.0-py2.4-macosx-10.3-i386.egg ./zope.security-3.4.0-py2.4-macosx-10.3-i386.egg ./zope.event-3.4.0-py2.4.egg ./zope.deferredimport-3.4.0-py2.4.egg ./zope.testing-3.5.1-py2.4.egg ./zope.location-3.4.0-py2.4.egg ./zope.exceptions-3.4.0-py2.4.egg ./zope.traversing-3.4.0-py2.4.egg ./zope.publisher-3.4.1-py2.4.egg ./zope.app.applicationcontrol-3.4.1-py2.4.egg ./zope.app.testing-3.4.1-py2.4.egg ./zope.size-3.4.0-py2.4.egg ./zope.error-3.5.1-py2.4.egg ./zope.app.security-3.4.0-py2.4.egg ./zope.app.publication-3.4.3-py2.4.egg ./zope.app.folder-3.4.0-py2.4.egg ./zope.app.dependable-3.4.0-py2.4.egg ./zope.app.debug-3.4.0-py2.4.egg ./zope.app.container-3.5.2-py2.4-macosx-10.3-i386.egg ./zope.app.component-3.4.1-py2.4.egg ./zope.app.authentication-3.4.1-py2.4.egg ./zope.annotation-3.4.0-py2.4.egg ./zope.app.appsetup-3.4.1-py2.4.egg ./ZODB3-3.8.0b4-py2.4-macosx-10.3-i386.egg ./zope.app.publisher-3.5.0a2-py2.4.egg ./zope.app.pagetemplate-3.4.0-py2.4.egg ./zope.app.form-3.4.1-py2.4.egg ./zope.app.exception-3.4.1-py2.4.egg ./zope.app.error-3.5.1-py2.4.egg ./zope.app.http-3.4.1-py2.4.egg ./zope.dublincore-3.4.0-py2.4.egg ./zope.datetime-3.4.0-py2.4.egg ./zope.copypastemove-3.4.0-py2.4.egg ./zope.app.broken-3.4.0-py2.4.egg ./zope.filerepresentation-3.4.0-py2.4.egg ./zope.lifecycleevent-3.4.0-py2.4.egg ./zope.dottedname-3.4.2-py2.4.egg ./zope.cachedescriptors-3.4.0-py2.4.egg ./zope.app.zapi-3.4.0-py2.4.egg ./zope.thread-3.4-py2.4.egg ./zope.formlib-3.4.0-py2.4.egg ./zope.app.interface-3.4.0-py2.4.egg ./zope.app.session-3.5.1-py2.4.egg ./zdaemon-2.0.1-py2.4.egg ./ZConfig-2.5-py2.4.egg Once it gets past ZConfig, it then failed with: error: Installed distribution zope.traversing 3.4.0 conflicts with requirement zope.traversing>=3.5.0a1.dev-r78730 The transitive install_requires dependencies of zope.pagetemplate 3.4.0 can't possibly be right, or at least they're much too conservative. The problem starts in the install_requires of zope.i18n: install_requires=['setuptools', 'pytz', 'zope.i18nmessageid', 'zope.component [zcml]', 'zope.configuration', ], zope.i18n should not depend on zope.configuration in install_requires, because it's only used in it's "zcml.py" and if you use it as a library (as opposed to as a Zope plugin) you won't load up any of its zcml; even if "important" stuff gets registered, it's expected that you'll have to do it by hand when it's used as a library. The dependency on 'zope.component [zcml]' is legitimate except for the [zcml] part for the same reason. The install_requires for the zope.pagetemplate setup.py (at least for 3.4.0) should be: install_requires=['setuptools', 'pytz == 2007g', 'zope.i18nmessageid == 3.4.3', 'zope.component == 3.4.0', ], When I build a new zope.i18n (3.4.0) egg with these dependencies, its transitive dependency set when installed is: pytz-2007g-py2.4.egg setuptools-0.6c7-py2.4.egg zope.component-3.4.0-py2.4.egg zope.deferredimport-3.4.0-py2.4.egg zope.deprecation-3.4.0-py2.4.egg zope.event-3.4.0-py2.4.egg zope.i18n-3.4.0-py2.4.egg zope.i18nmessageid-3.4.3-py2.4-macosx-10.3-i386.egg zope.interface-3.4.1-py2.4-macosx-10.3-i386.egg zope.proxy-3.4.0-py2.4-macosx-10.3-i386.egg .. which is acceptable, I think. Once that's done, the additional dependencies imposed by zope.pagetemplate are: zope.pagetemplate zope.tal zope.tales .. and it works as a library: Python 2.4.4 (#1, Oct 17 2007, 20:25:32) [GCC 4.0.1 (Apple Computer, Inc. build 5250)] on darwin Type "help", "copyright", "credits" or "license" for more information.
from zope.pagetemplate.pagetemplatefile import PageTemplate my_pt = PageTemplate() my_pt.write("<html></html>") my_pt() u'<html></html>\n'
I ran all unit tests by hand, as opposed to risking false passes due to installations that would come from tests_require when invoked via setup.py test and they work. I've uploaded the revised zope.i18n tarball here: http://dist.repoze.org/zope.i18n-3.4.0.1-repoze.tar.gz The current release of zope.pagetemplate on PyPI just can't be installed via easy_install due to a conflict, probably because somebody uploaded a new egg and some dependency isn't specific enough. Removing the dependency on "zope.configuration" and "zope.component [zcml]" (replacing it with "zope.component") in my case happens to fix that for me temporarily but this is indicative of a larger problem. Distributions made with "install_requires" specifications that do not name a particular "==" version or at least a min-max range should not be uploaded to the cheeseshop (as opposed to a private repository that has a smaller working set and to whom fewer people contribute), because their existence is just pollution for people who try to install them using easy_install. The transitive dependency set will inevitably break over time as new (incompatible) eggs are uploaded, as the Grok folks already know. I think fixing this sort of stuff is important if it's a goal to allow people to use Zope technologies outside of Zope-the-appserver. I'd like to participate by making new releases, but I'm not sure whose toes I'd be stepping on, and I think I'd need guidance from people who understand why things are the way they are now. Maybe we should have a sprint. - C