The main thing against your proposition is compatibility:
1-PWB is designed to work in ALL wikis and so many of them are not WMF-related and even don't have any SSL connection ability
2-Iran and Chinese people are excluded for SSL and They can't run bots anymore if we use just SSL

Best


On Wed, Sep 4, 2013 at 6:59 PM, Wieland Hoffmann <themineo@gmail.com> wrote:
Hi,

with the recent switch to HTTPS by default [0] I'm wondering if it still
makes sense to keep httplib2 (the upstream version, not the one
maintained at [1]) as a dependency in setup.py?

According to setuptools' documentation [2] the effect of listing
httplib2 (or any other dependency) in install_requires is that

  When your project is installed, either by using EasyInstall, setup.py
  install, or setup.py develop, all of the dependencies not already
  installed will be located (via PyPI), downloaded, built (if necessary),
  and installed.

For PWB this means that installing the project via `setup.py install` in
an environment where [1] is not already installed, setuptools will
download httplib2 from PyPI. This is not a good idea because all it will
do is give people an httplib2 that can't verify Wikimedias certificate.
AFAIK the only way to recognize this is during the install step - and
let's be honest - nooes reading *all* of the output ;)

I did try adding depency links as described by [2]:

  dependency_links=[
      'git+https://git.wikimedia.org/git/pywikibot/externals/httplib2.git#egg=httplib2-0.8.0'
  ],

but surprisingly, this only works with pip but not setuptools itself
('git+https' is an unknown url type to setuptools).

So it seems to me that specifying httlib2 as a dependency in setup.py
does more harm than good and it should be removed - [3] already lists
the submodule as a dependency, although it could be made more clear that
the git submodule differs from upstream.

As I'm not really that familiar with the python packaging ecosystem, I'm
not sure if there's a way to make (for example) the dependency links
stuff work or if the dependency is worth keeping for some other reason.

If there are no objections/other ideas to make this work, I'd submit a
patch removing the dependency from setup.py reusing most of this mail as
the commit message.

[0] https://git.wikimedia.org/commit/pywikibot%2Fcore.git/6bb502983afc93b4222d3c87b04d79b3a99e70c1
[1] https://git.wikimedia.org/summary/?r=pywikibot/externals/httplib2.git
[2] http://pythonhosted.org/setuptools/setuptools.html#declaring-dependencies
[3] https://www.mediawiki.org/wiki/Manual:Pywikipediabot/Installation#Manual_.28for_experts.29

--
Wieland

_______________________________________________
Pywikipedia-l mailing list
Pywikipedia-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/pywikipedia-l



--
Amir