ENH: add support for PEP 639 #681
Conversation
dnicolodi
force-pushed
the
pep639
branch
2 times, most recently
from
2deba65 to
d8d6030
Compare
dnicolodi
force-pushed
the
pep639
branch
17 times, most recently
from
4e73d80 to
6c49f01
Compare
It is a bit uglier than what I would like because I wanted to keep compatibility with older pyproject-metadata. meson-python supports anything back to version 0.7.1. |
dnicolodi
force-pushed
the
pep639
branch
3 times, most recently
from
17ed963 to
044f487
Compare
|
I gave this a shot in matplotlib/matplotlib#28982, and |
|
I'm not very well versed in licensing issues, but I don't think the way PEP 639 supports declaring package licenses works well for this use case. The main problem is that it expects the license of the package's sdist and wheel to be exactly the same. For packages like matplotlib that link statically with some libraries, this is not the case: the license of the source code is the matplotlib license, the license of the wheel is the union of the matplotlib license with the license of all the libraries linked to it. Concretely, the issue is that in the most common case the subprojects directory does not contain the source code of the subprojects but only references to them (in the matplotlib case in the form of meson wrap files). However, the I don't know how the problem could be solved. The most formally right solution would to allow source and binary distributions to have different licenses. But this is a quite significant change in behavior for the package metadata system. The pragmatic solution is to add the subprojects' license files to the source distribution and accept that the sdist as a whole might have a more restrictive license than what it could have. |
This is not true. Metadata can be dynamic and vary between the sdist and the wheel. It's already dynamic as a result of being calculated from meson introspection, so you just need to mark that in the sdist as well. The decision to make sdist metadata static and forbidden to change is... definitely a decision of all time. But the good news is it comes with an escape hatch. This escape hatch is needed since the spec also says that it's illegal per the spec to apply open source patches to an sdist metadata if the fields are marked as static. 🤷 |
Agreed on both counts about reading the Python discourse. But from a quick look at the initial post before the site became impossible to read, it appears to make a few basic arguments about why dynamic metadata is "bad".
I find both arguments weak enough that I suspect the dislike of dynamic metadata came first and the supporting arguments were created to fit the narrative. None of this matters for sdists or wheels because both contain static metadata explicitly intended to be a cache, and editable installs are an extremely specific use case that users have already chosen to make some sacrifices in order to use -- plainly they are not worried about the version number or if they care they are using Lockfiles can just avoid self-inflicted wounds by generating them when asked, but it doesn't actually matter either way since lockfiles only have to do ANY of this on bare source trees, not dependencies obtained via sdist/ wheel, which means that users who use poetry / uv can choose to avoid dynamic metadata and users who prefer dynamic metadata can generate lockfiles less frequently. This is yet another example of people who think the point of a standard is to hard-line forbid people from doing perfectly reasonable things that are optional, because the people doing the forbidding don't personally value that thing, and cannot abide the idea that anyone else would value it. This contrasts with the fact that the standard currently allows all those perfectly reasonable things precisely because they are perfectly reasonable, and forbidding them would upset the people who are perfectly justified in doing perfectly reasonable things. The whole argument is undoubtedly just perl code. They'll get tired of it after a while and nothing will change, not even opinions. |
dnicolodi
force-pushed
the
pep639
branch
4 times, most recently
from
9a90048 to
b10c9eb
Compare
|
|
I've looked into what it would take to add support for metadata 2.4 to I don't know why |
|
In the meantime, it is possible to install |
|
@agriyakhetarpal The dependecy problem is not a problem in itself. It is only a problem because implementing metadatya 2.4 support in twine requires adding support to pkginfo and make twine consume the added metadata fields. If there is no maintainer interest in supporting a version of pkginfo release a long while back, I don't see how there could be interest in merging patches to work with a future release. It is my understanding that, without support in the upload tool, the license information recorded in the |
|
For what is worth, |
|
|
|
I've opened a bug offering to port |
I understand the state of things better now, thanks for the context! |
|
Do you have a plan to move this forward? I see the PR for twine has already been merged. |
|
This is ready to merge (minus the merge conflict) and can probably be merged. However, there isn't yet a twine release supporting metadata 2.4, thus cutting a meson-python release supporting PEP 639 and emitting metadata 2.4 seems premature. |
|
Very close though, which is great to see! |
Having PEP 639 metadata supported or not based on the version of a transitive dependency would not make for a great user experience. Supporting PEP 639 metadata requires pyproject-metadata 0.9.0.
|
Twine 6.1.0 is out for more than a month now. Would it make sense to release meson-python as well? |
|
Scikit-build-core 0.11.0 includes PEP 639 support. Hatchling uses METADATA 2.4 now. So FWIW, I think it would be a good idea. ;) (PS: there's a bug if your LICENSE file contains form feeds and you don't use PEP 639 and you are using Python older than 3.12.8, will be releasing a new pyproject-metadata with a fix soon. But I don't think it affects this at all.) |
|
There is a lengthy discussion on the Python Discourse regarding issues similar to the one discussed here regarding how to express the license of distribution that embed multiple projects either via vendoring, subprojects, or embedding shared libraries into wheels: https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020/196 I haven't read all the posts (usual caveats about the structure of exchanges on Discourse and the dynamics of the Python Discourse apply) but the discussion does not seem to be going anywhere. However, who has interest in the topic (@rgommers for NumPy and SciPy, @QuLogic for Matplotlib, maybe @henryiii for his work on scikit-core) may want to have a look. |
|
Ah, this isn't in a release, got it. On the topic above, I think the partially dynamic metadata PEP will help, and there's further ideas now on the thread above. |
Oh yes, thanks for pointing that out. I somehow didn't get notifications. This is a problem for complex projects. I have only read the first ~10 posts, but we've been dealing with this problem in NumPy and SciPy for a long time in hacky ways like dynamically amending license files when It shouldn't require a change in |
I stopped reading the thread after the first 100 posts or so went in circles trying to define whether the intent of the PEP was for the metadata to capture the source code license or the distribution artifact license...
Indeed. Nothing to do yet on our side. |
Closes gh-270