ENH: add support for PEP 639 #681
Conversation
dnicolodi
force-pushed
the
pep639
branch
2 times, most recently
from
2deba65
to
d8d6030
Compare
dnicolodi
force-pushed
the
pep639
branch
17 times, most recently
from
4e73d80
to
6c49f01
Compare
It is a bit uglier than what I would like because I wanted to keep compatibility with older pyproject-metadata. meson-python supports anything back to version 0.7.1. |
dnicolodi
force-pushed
the
pep639
branch
3 times, most recently
from
17ed963
to
044f487
Compare
|
I gave this a shot in matplotlib/matplotlib#28982, and |
|
I'm not very well versed in licensing issues, but I don't think the way PEP 639 supports declaring package licenses works well for this use case. The main problem is that it expects the license of the package's sdist and wheel to be exactly the same. For packages like matplotlib that link statically with some libraries, this is not the case: the license of the source code is the matplotlib license, the license of the wheel is the union of the matplotlib license with the license of all the libraries linked to it. Concretely, the issue is that in the most common case the subprojects directory does not contain the source code of the subprojects but only references to them (in the matplotlib case in the form of meson wrap files). However, the I don't know how the problem could be solved. The most formally right solution would to allow source and binary distributions to have different licenses. But this is a quite significant change in behavior for the package metadata system. The pragmatic solution is to add the subprojects' license files to the source distribution and accept that the sdist as a whole might have a more restrictive license than what it could have. |
This is not true. Metadata can be dynamic and vary between the sdist and the wheel. It's already dynamic as a result of being calculated from meson introspection, so you just need to mark that in the sdist as well. The decision to make sdist metadata static and forbidden to change is... definitely a decision of all time. But the good news is it comes with an escape hatch. This escape hatch is needed since the spec also says that it's illegal per the spec to apply open source patches to an sdist metadata if the fields are marked as static. 🤷 |
I'm not sure about what you mean with this. meson-python documentation is not on readthedocs and we have a "Source Code" link in the left sidebar (and typing this made me realize that the capitalization of the title of the link is inconsistent with the other titles). |
Thanks. I'll add tests making sure the validation of the license field works as expected. |
|
By readthedocs I meant https://mesonbuild.com/meson-python/. Okay, I was looking for a GitHub icon on the bottom or top or similar, but that's not bad. |
dnicolodi
force-pushed
the
pep639
branch
6 times, most recently
from
9d2b2a5
to
40292fb
Compare
Dynamic metadata is seen as such a nice feature that there is a discussion about eliminating it: I don't have the time to read these long threads on Python discourse (even more so because discourse is horrible) let alone contribute any opinions. But I thought that some here may be interested... |
Agreed on both counts about reading the Python discourse. But from a quick look at the initial post before the site became impossible to read, it appears to make a few basic arguments about why dynamic metadata is "bad".
I find both arguments weak enough that I suspect the dislike of dynamic metadata came first and the supporting arguments were created to fit the narrative. None of this matters for sdists or wheels because both contain static metadata explicitly intended to be a cache, and editable installs are an extremely specific use case that users have already chosen to make some sacrifices in order to use -- plainly they are not worried about the version number or if they care they are using Lockfiles can just avoid self-inflicted wounds by generating them when asked, but it doesn't actually matter either way since lockfiles only have to do ANY of this on bare source trees, not dependencies obtained via sdist/ wheel, which means that users who use poetry / uv can choose to avoid dynamic metadata and users who prefer dynamic metadata can generate lockfiles less frequently. This is yet another example of people who think the point of a standard is to hard-line forbid people from doing perfectly reasonable things that are optional, because the people doing the forbidding don't personally value that thing, and cannot abide the idea that anyone else would value it. This contrasts with the fact that the standard currently allows all those perfectly reasonable things precisely because they are perfectly reasonable, and forbidding them would upset the people who are perfectly justified in doing perfectly reasonable things. The whole argument is undoubtedly just perl code. They'll get tired of it after a while and nothing will change, not even opinions. |
dnicolodi
force-pushed
the
pep639
branch
3 times, most recently
from
b63b0ea
to
9a90048
Compare
Having PEP 639 metadata supported or not based on the version of a transitive dependency would not make for a great user experience. Supporting PEP 639 metadata requires pyproject-metadata 0.9.0.
|
|
I've looked into what it would take to add support for metadata 2.4 to I don't know why |
|
In the meantime, it is possible to install |
|
@agriyakhetarpal The dependecy problem is not a problem in itself. It is only a problem because implementing metadatya 2.4 support in twine requires adding support to pkginfo and make twine consume the added metadata fields. If there is no maintainer interest in supporting a version of pkginfo release a long while back, I don't see how there could be interest in merging patches to work with a future release. It is my understanding that, without support in the upload tool, the license information recorded in the |
|
For what is worth, |
|
|
|
I've opened a bug offering to port |
I understand the state of things better now, thanks for the context! |
Closes gh-270