[PEP - Wheel Variant] Staging before push to upstream #6
Conversation
Done via: ``` m2r2 --no-underscore-emphasis pepxxx_wheel_variant_support.md ``` Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
The pandoc's conversion is much better. Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
| Konstantin Schütze <[email protected]>, | ||
| Ralf Gommers <[email protected]>, | ||
| Andrey Talman <[email protected]>, | ||
| Charlie Marsh <[email protected]>, |
There was a problem hiding this comment.
Nit: Do you mind using [email protected] (if not [email protected])?
There was a problem hiding this comment.
I'm fine with either, I think I've copied that from your commit messages. Just tell me which one you prefer (or "suggest" a change).
|
|
||
| 1. If ``install-time`` is true, the dictionary describes an install-time | ||
| provider and the ``requires`` key must be present and specify at | ||
| least one dependency. |
There was a problem hiding this comment.
Because that "one dependency" is, presumedly, the Python package containing the provider itself?
There was a problem hiding this comment.
Yes. It's basically "empty requires make no sense because then you don't have anything to call".
Co-authored-by: Charlie Marsh <[email protected]>
Co-authored-by: Charlie Marsh <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
|
Very nice and detailed review @emmatyping-nv. One remark on it:
This doesn't look like a good idea to me. A resolver isn't a standalone tool/package/thing from a packaging perspective, it's a component inside an installer. The relevant tools are "build backend", "build frontend", "installer". The term "resolver" doesn't seem used at all right now except for in a single section under Rejected Ideas, which seems fine. |
Co-authored-by: Emma Smith <[email protected]>
Per #6 (comment). Signed-off-by: Michał Górny <[email protected]>
|
I've already replied to specific comments, but I think these two points are worth discussing top-level:
I think the PEP as it stands right now roughly splits tools into "installers" and "everything else". The boundary between the two is a bit blurry, and I don't think we're really following it consistently. The primary idea behind "installers" is that these are packages that need to be able to determine whether variant wheels are supported, and may be executed with elevated privileges. Therefore, from the security PoV there is a risk that variant wheels would require installing and running arbitrary packages with these privileges. The "everything else" is basically tools where we don't worry about that — e.g. tools that only need to process wheels without determining whether they are supported, or build tools that install and run arbitrary packages anyway. I suppose "installers" is a bit of a misnomer, since there are technically other tools that need to determine whether wheels can be installed. However, I don't think "resolver" is a good replacement. I mean, saying that "resolver should vendor a plugin" is weird — the installer does that, resolver is merely one of its components. Furthermore, the same applies to cases where resolver isn't really used, e.g. when installing a wheel from the local filesystem. I'm open to improving things, but I don't really have a better term than "installer", and I'm not sure if using a strictly more correct term won't make things harder to comprehend.
Indeed. Probably the "security considerations" section needs to be rewritten to make the problem clearer. I wonder if it would make sense to move it prior to specification; describe the problem there, then the measures taken in the specification part. |
Since resolvers are part of other tools like lockfile generators (e.g. pip-tools), I view resolvers as a component shared between installers and lockfile generators. Resolvers are used elsewhere too (e.g. tools to check licenses of various dependencies, etc.).
Yeah I think my main point is that the PEP makes specifications about package resolution, but tools other than installers do that.
One thing we could do is define "resolvers" as "tools which has a package resolution step". Or even use "resolver tools" (but maybe that is verbose).
I agree this seems like an improvement! Generally people don't move the sections around, but I think that should be fine since it is important to the flow of the PEP. We could also have a security section in the rationale I suppose. |
Co-authored-by: Emma Smith <[email protected]>
* Update the bit about SciPy Thanks to @rgommers in #6 (comment). Signed-off-by: Michał Górny <[email protected]> * Sync quotes from wheelnext/wheelnext#110 Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
|
I'll prepare an update for the security-related stuff tomorrow. |
Per #6 (comment). Signed-off-by: Michał Górny <[email protected]>
Don't use tool-specific option, mention the caching problem and better describe why it's no build isolation.
The regular spaces are ASCII characters, while the non-breaking spaces are special Unicode characters. There's no need in our text to use non-breaking spaces, such as there would be with SI units.
Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
#6 (comment) Signed-off-by: Michał Górny <[email protected]>
Co-authored-by: Emma Smith <[email protected]>
konstin
left a comment
konstin
left a comment
There was a problem hiding this comment.
Adding some notes, filed PRs for some others.
| - A **variant provider plugin** interface that allows installers to dynamically detect | ||
| platform attributes and select the most suitable wheel. | ||
|
|
||
| The goal is to simplify the user experience to a familiar |
There was a problem hiding this comment.
The abstract is already long, I'd cut the paragraph below
| a significant portion of respondents over the last years have been | ||
| successively using Python for scientific computing purposes, covering | ||
| such areas as Data analysis (steadily over 40% respondents), Machine | ||
| learning (grown to 40% in 2024), Data engineering (around 30%), and |
There was a problem hiding this comment.
nit: Drop the "many more", three examples is good
| ``manylinux_2_34_x86_64`` now implicitly requires ``x86_64-v2`` with no | ||
| support for other x86 version. This lack of support results in | ||
| complexity in managing platform-specific dependencies and compatibility. | ||
| That complexity affects the installation process for users and increases |
There was a problem hiding this comment.
The problem here is really that it's impossible to express any or different x86_64 versions, so you have to pick an oldest version you support and ship only that.
| As illustrated by | ||
| `archspec <https://github.com/archspec/archspec>`__’s authors and | ||
| maintainers, the ability to optimize a package for a specific | ||
| architecture can lead to significant performance improvement (and often | ||
| also reduce power requirements, etc.). |
There was a problem hiding this comment.
| As illustrated by | |
| `archspec <https://github.com/archspec/archspec>`__’s authors and | |
| maintainers, the ability to optimize a package for a specific | |
| architecture can lead to significant performance improvement (and often | |
| also reduce power requirements, etc.). | |
| As illustrated by | |
| `archspec <https://github.com/archspec/archspec>`__, the ability to | |
| optimize a package for a specific architecture can lead to a | |
| significant performance improvement. |
| slightly. The last two bars are labeled "skylake_avx512" and | ||
| "cascadelake" (both "AVX512") and reach almost 2.0 ns/day. | ||
|
|
||
| GROMACS AVX512 Benchmark |
There was a problem hiding this comment.
What's the GROMACS benchmark, and what do the numbers refer to? The figure description should contain a concise description of what is being measured, just enough for a Python programmer who hasn't heard GROMACS before to understand the impact.
| Current workarounds and their limitations | ||
| ----------------------------------------- | ||
|
|
||
| Package maintainers have developed various strategies to work around |
There was a problem hiding this comment.
I'd drop these three paragraphs, this information should emerge from the description of the workarounds, and should otherwise already be understood by the PEP reader.
| **Development Tool Complications**: Installation tools, IDEs, and CI/CD | ||
| systems struggle to handle non-standard installation requirements. | ||
|
|
||
| **Documentation Burden**: Maintainers must create and maintain complex |
There was a problem hiding this comment.
I would replace this with it being error prone. At least I haven't heard complaints about this being too much effort to document, but i've seen many cases in which those custom workarounds broke, from the pytorch index missing hashes over nvidia packages downloading the wrong artifact on the tooling side to so many complaints about installing GPU packages on the user side.
| has that he expects will be addressed by wheel variants: | ||
|
|
||
| * Large download size, due to the use of "fat binaries" for multiple | ||
| SMs. Currently, XGBoost builds for 11 different SMs. |
There was a problem hiding this comment.
We haven't introduces SMs at this point
| .. code:: json5 | ||
|
|
||
| { | ||
| // TODO: replace this with appendix URL for the PEP |
There was a problem hiding this comment.
| // TODO: replace this with appendix URL for the PEP | |
| // The schema URL will be replaced with the final URL on packaging.python.org |
| specification. The link to this file must be present on all index pages | ||
| where the variant wheels are linked. |
There was a problem hiding this comment.
We treat the variants json file like an archive file (not like a .metadata file), it's a regular top level enty, including having a hash. I'll file a PR.
Signed-off-by: Michał Górny <[email protected]>
Co-authored-by: Emma Smith <[email protected]>
Not sure if we should do that as part of the PEP submission, but we are using lexers available since 2.19.0, as @konstin noticed. Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
Co-authored-by: konsti <[email protected]>
Signed-off-by: Michał Górny <[email protected]>
No description provided.