Questions about dependencies

[jbergknoff-rival]

Hi, we're considering pulling in this SDK in several Python projects. Because we build those projects in pretty bare containers, the compiled dependencies here (mmh3, and cryptography from requests[security]) mean that we need to install some additional OS packages at build time. That's not a showstopper, but some questions came up:

• Is requests[security] needed? From https://github.com/psf/requests/pull/4825/files, it seems like it's probably not needed anymore, since fixes have been introduced in the standard library in Python 2.7.9 and 3.4.3.

• There is already fallback code in case mmh3 isn't installed:

  python-sdk/optimizely/bucketer.py

  Lines 16 to 19 in d3ffe33

  	try:
  	import mmh3
  	except ImportError:
  	from .lib import pymmh3 as mmh3

  , but the mmh3 requirement doesn't seem to be optional. Could it be made optional?

• Do you have any details on the performance penalty of using the pure-Python Murmur3 implementation, as compared to the compiled version? I suspect that, in our use case (AWS Lambda, process per request), it may not be an issue.

[scottanderson42]

In a similar vein, the Optimizely jsonschema dependency (==2.6.0) is conflicting with that of the boto packages (~=3.0).

[jonfreeland]

In a similar vein, the Optimizely jsonschema dependency (==2.6.0) is conflicting with that of the boto packages (~=3.0).

We are also encountering issues with the jsonschema dependency conflicting with Poetry 0.12.17. Can we get an update on this issue?

[aliabbasrizvi]

We are bumping jsonschema and will release a new SDK which should hopefully address the issue.

[aliabbasrizvi]

mmh3 requirement doesn't seem to be optional

mmh3 is the standard way to do bucketing across all Optimizely SDKs and so that ensures that experience delivery is consistent throughout the stack irrespective of which SDK you use.

Unfortunately, I do not have numbers comparing the performance of the 2 mmh3 implementations. There is a reference to performance from the original authors here: https://github.com/wc-duck/pymmh3#performance

I'll get back on the question about requests[security].

[aliabbasrizvi]

@jonfreeland @scottanderson42 release 3.4.1 is available with updated jsonschema package. Hopefully that addresses the issue you ran into.

[daviddomingoslalom]

Hey @aliabbasrizvi seems like the mmh3 lib is giving us some trouble in our docker image because we don't have the c++ compiler installed. I googled the issue and it looks like other people are running into the same thing: hajimes/mmh3#20

The author seems to have abandoned the project so I don't see any solution in the near future. What do you suggest we do? Should we just use the API directly via http?

[GordonSo]

Notice that mmh has released 3.0.0 - do you need contributors to help bump that up?

Also +1 to the idea of making "mmh" optional - since it's seemingly a nice-to-have performance feature (IF ANY) for those with the right environment setup, it'd be nice to reduce the dependency and enrich the documentation for those interested.

Maybe a slim version vs a full version: https://www.python.org/dev/peps/pep-0508/#extras

PS: currently, it appears we have to include an extra step to install C++ on for our devs with Windows machine setup which is an inconvenience caused by this.

[The-inside-man]

This issue is now closed and will be part of the next release of the python-sdk.
#362