@@ -579,7 +579,7 @@ and most Python-based packages will also have ``$(PYTHON_TOOLCHAIN)`` as
579579an order-only dependency, which will ensure that fundamental packages such
580580as ` ` ` ` ` ` ` `
581581
582- The best way to install a Python-based package is to use ` ` ` `
582+ The best way to install a ` ` normal ` ` Python-based package is to use ` ` ` `
583583case the ` ` ` `
584584
585585.. CODE-BLOCK:: bash
@@ -603,12 +603,15 @@ For example, the ``scipy`` ``spkg-check.in`` file contains the line
603603
604604 exec python3 spkg-check.py
605605
606- Abstract requirements: The install-requires.txt file
607- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
606+ Abstract requirements: The ` ` ` `
607+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
608608
609- All normal Python packages and all wheel packages must have a file ` ` ` `
610- If a Python package is available on PyPI, this file must contain the
611- name of the package as it is known to PyPI.
609+ All ` ` ` ` ` ` ` `
610+ ` ` ` ` ` ` ` `
611+ it is missing, the ` ` ` `
612+
613+ If a Python package is available on PyPI, the ` ` ` `
614+ contain the name of the package as it is known to PyPI.
612615
613616Optionally,
614617` ` ` `
@@ -660,11 +663,11 @@ Setting upper bounds to guard against incompatible future changes is
660663a complex topic; see :trac:` 33520`
661664
662665
663- Concrete (pinned) requirements: The package-version.txt file
664- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
666+ Concrete (pinned) requirements of ` ` normal ` ` , ` ` wheel ` ` , ` ` script ` ` packages : The ` ` ` `
667+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
665668
666- Like normal non-Python packages, all normal Python packages and all wheel packages
667- must have a file ` ` ` `
669+ Like ` ` ` ` ` ` ` ` ` ` ` `
670+ must have a file ` ` ` ` For ` ` script ` ` Python packages, the file is optional.
668671
669672Sage uses this version for two purposes:
670673
@@ -678,6 +681,69 @@ Sage uses this version for two purposes:
678681 the ` pip User Guide < https://pip.pypa.io/en/stable/user_guide/# requirements-files>`
679682
680683
684+ Concrete requirements of ` ` ` ` ` ` ` `
685+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
686+
687+ In contrast to ` ` ` ` ` ` ` ` ` ` ` `
688+ ` ` ` ` ` ` ` `
689+
690+ Instead, the concrete requirements are set in a ` ` ` `
691+ file, which is passed directly to ` ` ` `
692+
693+ The ` ` ` `
694+ in the ` pip User Guide
695+ < https://pip.pypa.io/en/stable/user_guide/# requirements-files>`
696+ Through this format, the concrete requirements can either be
697+ pinned to a specific version, or set acceptable version ranges, or be
698+ entirely unconstrained. The format is even flexible enough to install
699+ several distribution packages at the same time, and to conditionalize
700+ on the operating system or Python version.
701+
702+ Pinning a version has the potential benefit of stability, as it can
703+ avoid retroactive breakage of the Sage distribution by new,
704+ incompatible versions, and can also help achieve reproducibility
705+ of computations.
706+
707+ The cost is that updating the version requires
708+ work by at least two Sage developers: One who prepares a PR and one
709+ who reviews it. Moreover, when the package does not get the attention of
710+ developers who upgrade it, there is the potential risk of missing out
711+ on bugfixes made in newer versions, or missing out on features in
712+ major new versions.
713+
714+ Not pinning the version has the obvious potential benefit of always
715+ being up to date, as ` ` ` `
716+ obtain and install the package. (Note that ` ` ` ` ` ` ` `
717+ packages are always pinned and do not even have access to the index
718+ server at the time of building and installing the package.)
719+
720+ But this dynamism also brings a risk
721+ of instability, either by the package itself being affected by bugs in
722+ a new version, or by breaking compatibility with Sage.
723+
724+ What policy is best for a package depends on various factors,
725+ including the development velocity and quality control that the
726+ upstream project uses, the interest by Sage developers in the package,
727+ the depth of integration in Sage, whether it affects the mathematics,
728+ etc.
729+
730+
731+ Note about dependencies of ` ` ` `
732+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
733+
734+ Dependencies of a ` ` ` `
735+ in the Sage distribution, as the package can pull some of its build-time and
736+ run-time dependencies directly from PyPI. That's a mild convenience for developers,
737+ and can be important if one wants to leave the version range wide open.
738+
739+ However, if a dependency is also a package of the Sage distribution,
740+ then we must declare this dependency. Otherwise, various errors
741+ can occur when building or upgrading. When new versions of ` ` ` `
742+ packages add dependencies that happen to be Sage packages, there is a
743+ separate source of instability.
744+
745+
746+
681747.. _section-spkg-SPKG-txt:
682748
683749The SPKG.rst file
@@ -1143,7 +1209,9 @@ For Python packages available from PyPI, you can use::
11431209 --type optional
11441210
11451211This automatically downloads the most recent version from PyPI and also
1146- obtains most of the necessary information by querying PyPI.
1212+ obtains most of the necessary information by querying PyPI. In particular,
1213+ the ` ` ` ` ' s README file.
1214+
11471215
11481216The ``dependencies`` file may need editing (watch out for warnings regarding
11491217``--no-deps`` that Sage issues during installation of the package!).
0 commit comments