by sergioisidoro 976 days ago
The problem stems from how fragmented dependency management in python is. Most tutorials use `pip install something` without much care for pinning versions.

Yes, it makes it easier for new programmers: They can skip learning a dependency management tool like poetry, or pipenv. But then these things happen.

Blame the tutorial makers and the dependency maintainers, not the Flask team.

4 comments

> Blame the tutorial makers and the dependency maintainers

I'd blame the python community as a whole, for not driving everybody (flask team, tutorial makers, dependency maintainers, etc) towards pinned versions.

This is a well-established problem in any environment where you write code that has dependencies. Strict use of semver, and tools that respect those conventions, would solve MOST of this.

Well, they are trying... For tooling they tried to get this done well with pipenv, but (imho) failed for how slow and clunky it is. I really tried to like pipenv, but now I just go for poetry.

But one thing that needs to be acknowledged is how difficult it is to coordinate a space with so many stakeholders (e.g. Conda and Anaconda for Windows), and how python got so ingrained in the sys admin world (installing tools with pip) that undoing that is a monstrous task [1]

[1] The other day my ansible playbooks stopped working because packages that you used to be able to install globally with pip should now be installed through the package managers (e.g. jsondiff should now be installed as `apt-get install python3-jsondiff`). Exactly to push people to use virtual environments where you can better manage dependencies.

Nothing unique to Python.

You can lock Python versions.

But by default, people type pip/npm/apt/yum install without the version.

Nothing unique to Python.

Except the default behavior of yarn add / npm install is to pin a semver. I.e. if the current version is 1.2.3, the package.json will specify “^1.2.3” which will auto-update to any new release that’s versioned below 2.0.0. And the node community is at least half-decent about following semver and doesn’t usually push breaking changes on a point-release.

Python dependency management certainly has many problems, but I don't think this is one of them--or at least, it's not a problem unique to Python. The practice of tutorials/docs/guides installing unpinned/latest versions is incredibly common in most (all?) scripting languages' communities. While that's not great, I don't think it has anything to do with the fragmentation of Python's dependency management.

Well, if there would be one accepted dependency management tool / environment, it would make things easier at least.

For example, despite all the problems of JS, new devs don't need to create a virtual environment and activate it all the time. They don't need to manually add lines to a requirements.txt, or pick a tool like poetry or pipenv [1]

[1] Edit: ok, they have to pick yarn/npm, but even those share a common base file format - package.json

You don't even need poetry, as great as it is. Write your tutorial to include versions:

> pip install foo==1.2.3
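To make the two points in this thread concrete (the `pip install foo==1.2.3` style of pinning above, and the earlier comment that npm's `^1.2.3` floats to anything below 2.0.0), here is a small added checker. It is not code from any commenter; the requirements.txt and package.json contents are constructed samples, and the caret logic follows npm's published semver rule (the left-most non-zero component is frozen). It flags declarations whose resolved version can change between two installs, which is exactly the class of problem the thread is about.

```python
"""Audit dependency declarations for ones that can silently float to a
newer release. Added example with constructed sample inputs."""
import re

# Constructed requirements.txt mixing the styles tutorials tend to ship.
SAMPLE_REQUIREMENTS = """\
flask
requests>=2.0
Werkzeug~=2.2.0
jsondiff==2.0.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
markupsafe == 2.1.3
click==8.*
# comments and pip options are skipped
-r extra.txt
"""

# Constructed "dependencies" mapping as it would appear in a package.json.
SAMPLE_NPM_DEPS = {"express": "^4.18.2", "lodash": "4.17.21", "left-pad": "*"}

_PIP_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)"      # distribution name
    r"(?:\[[^\]]*\])?\s*"                 # optional extras, e.g. flask[async]
    r"(===|==|~=|>=|<=|!=|>|<)?\s*"       # optional version operator
    r"([^\s;]*)"                          # version; stops at markers/options
)


def classify_pip_requirement(line):
    """Return (name, status) or None for blank, comment and option lines.

    status: 'hashed' (==X plus --hash), 'pinned' (==X), 'range' (any other
    operator, or a wildcard such as ==8.*), 'unpinned' (bare name).
    Inline comments are cut at '#'; URL fragments are not handled here.
    """
    text = line.split("#", 1)[0].strip()
    if not text or text.startswith("-"):
        return None
    match = _PIP_LINE.match(text)
    if not match:
        return None
    name, op, version = match.groups()
    if op in ("==", "===") and "*" not in version:
        return (name, "hashed" if "--hash=" in text else "pinned")
    if op is None:
        return (name, "unpinned")
    return (name, "range")


def floating_pip_requirements(text):
    """Names whose installed version depends on when you run pip install."""
    found = []
    for line in text.splitlines():
        item = classify_pip_requirement(line)
        if item and item[1] in ("range", "unpinned"):
            found.append(item[0])
    return found


_EXACT_SEMVER = re.compile(r"v?\d+\.\d+\.\d+")
_VERSION = re.compile(r"[v^~]*(\d+)\.(\d+)\.(\d+)")  # prerelease tags ignored


def classify_npm_spec(spec):
    """'pinned' for an exact version, 'unpinned' for wildcards, else 'range'."""
    spec = spec.strip()
    if _EXACT_SEMVER.fullmatch(spec):
        return "pinned"
    if spec in ("", "*", "latest", "x"):
        return "unpinned"
    return "range"


def floating_npm_dependencies(deps):
    return [name for name, spec in deps.items() if classify_npm_spec(spec) != "pinned"]


def _semver(v):
    match = _VERSION.match(v.strip())
    if not match:
        raise ValueError(f"not a MAJOR.MINOR.PATCH version: {v!r}")
    return tuple(int(x) for x in match.groups())


def caret_allows(spec, candidate):
    """npm caret rule: ^1.2.3 accepts >=1.2.3 <2.0.0. With a 0 major the
    left-most non-zero component is frozen instead: ^0.2.3 -> <0.3.0,
    ^0.0.3 -> <0.0.4."""
    if not spec.startswith("^"):
        raise ValueError("caret_allows only handles ^ ranges")
    base, cand = _semver(spec), _semver(candidate)
    if base[0] != 0:
        upper = (base[0] + 1, 0, 0)
    elif base[1] != 0:
        upper = (0, base[1] + 1, 0)
    else:
        upper = (0, 0, base[2] + 1)
    return base <= cand < upper


if __name__ == "__main__":
    print("pip requirements that can float:", floating_pip_requirements(SAMPLE_REQUIREMENTS))
    print("npm dependencies that can float:", floating_npm_dependencies(SAMPLE_NPM_DEPS))
    print("^4.18.2 accepts 4.99.0:", caret_allows("^4.18.2", "4.99.0"))
    print("^4.18.2 accepts 5.0.0:", caret_allows("^4.18.2", "5.0.0"))
```

Running it on the constructed sample reports flask, requests, Werkzeug and click as floating on the pip side and express and left-pad on the npm side. The `hashed` status is the strongest form: a requirements file where every line carries `--hash=` can be installed with `pip install --require-hashes -r requirements.txt`, so a replaced upstream artifact with the same version number fails to install instead of silently landing.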

poetry is very hard to set up

Could you expand on this? I recently started a new project and decided to use poetry for the first time. It didn’t seem difficult at all to me.