this post was submitted on 30 Sep 2024
35 points (83.0% liked)

Python

6366 readers
3 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

πŸ“… Events

PastNovember 2023

October 2023

July 2023

August 2023

September 2023

🐍 Python project:
πŸ’“ Python Community:
✨ Python Ecosystem:
🌌 Fediverse
Communities
Projects
Feeds

founded 1 year ago
MODERATORS
top 44 comments
sorted by: hot top controversial new old
[–] [email protected] 27 points 1 month ago (4 children)

It’s a really bold claim. Every time a new package manager and/or dependency resolver comes around, we have the exact same headline

[–] [email protected] 10 points 1 month ago (1 children)
[–] [email protected] 3 points 1 month ago

I think of this literally every time I have any issue

[–] [email protected] 7 points 1 month ago (1 children)

It is a bold claim, but based on their success with ruff, I'm optimistic that it might pan out.

[–] [email protected] 3 points 1 month ago

I do enjoy ruff a lot, but only time will tell

[–] [email protected] 5 points 1 month ago

There are 14 competing standards...

[–] [email protected] 1 points 1 month ago (1 children)

have there been a lot of them?

[–] [email protected] 10 points 1 month ago (2 children)

pipx, poetry, pipsi, fades, pae, pactivate, pyenv, virtualenv, pipenv

Let’s hope this next one will be the true standard.

[–] [email protected] 7 points 1 month ago

pyenv, virtualenv, pipenv, aren't package managers... they are virtual environment managers / creators and use pip for package management.

Anti Commercial-AI license

[–] [email protected] 4 points 1 month ago (1 children)

We're using poetry and it solves our problems. I'll have to look into uv, but I don't feel in any rush to switch away from poetry.

[–] [email protected] 7 points 1 month ago (1 children)

I’ve been mostly a poetry guy but have tested out uv a bit lately. Two main advantages I see are being able to install Python (I relied on pyenv before) and it’s waaay faster at solving/installing dependencies.

[–] [email protected] 2 points 1 month ago (2 children)

Yeah, it certainly looks nice, but my problems are:

  • everything runs in a docker container locally, so I don't think the caching is going to be a huge win
  • we have a half-dozen teams and a dozen repositories or so, across three time zones, so big changes require a fair amount of effort
  • we just got through porting to poetry to split into dependency groups, and going back to not having that is a tough sell

So for me, it needs to at least have feature parity w/ poetry to seriously consider.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (1 children)

uv is still faster with a cold cache

and uv does have dep groups

about the second problem, there's an issue open on writing a migration guide, but migrating manually is not too difficult.

[–] [email protected] 1 points 1 month ago

I'm not really worried about the migration work, from what I can tell it's basically just moving a few things around. I'm more worried about losing features the team likes largely for performance reasons.

Our primary use cases are:

  • dev tools - standardize versions of tools like black, pylint, etc; not necessary if we move to ruff, we'll just standardize on a version of that (like we do with poetry today)
  • tests - extra deps for CI/CD for things like coverage reports

I like the syntax poetry has, but I'd be willing to use something else, like in PEP 735.

One thing we also need is a way to define additional package repos since we use an internal repo. I didn't see that called out in the PEP, and I haven't looked at uv enough to know what their plan is, but this issue seems to be intended to fix it. We specify a specific repo for a handful of packages in each project, and we need that to work as well.

I'm currently looking to use ruff to replace some of our dev tools, and I'll look back at uv in another release or two to see what the progress is on our blockers.

[–] [email protected] 3 points 1 month ago (1 children)
[–] [email protected] 3 points 1 month ago

Good call. We have some other tech debt related to our docker usage, so I'll add this to the list.

[–] [email protected] 22 points 1 month ago* (last edited 1 month ago) (4 children)

Yet another python packager............... insane that such a popular language still doesn't have this basic problem solved.

[–] [email protected] 7 points 1 month ago

Yeah but this one is actually good. So hopefully it will displace all the others.

[–] [email protected] 3 points 1 month ago (4 children)

pip is a perfectly usable package manager and is included in most python distributions now. Is it perfect? No, but it is good enough for every team I have been on.

[–] [email protected] 11 points 1 month ago

@CodeMonkey @ertai No it is not perfectly usable for all people, all projects, all situations. uv definitely gets much closer to that.

[–] [email protected] 5 points 1 month ago

Except that it’s slower than uv and therefore strictly worse for build processes

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago)

it's usable, yet it doesn't attempt to solve a a third of the problems uv, poetry, and pdm address.

it's also not hard to end up with a broken env with pip.

[–] [email protected] 1 points 1 month ago

Putting aside the speed uv has a bunch of features that usually require 2-4 separate tools. These tools are very popular but not very well liked. The fact these tools are so popular proves that pip is not sufficient for many use cases. Other languages have a single tool (e.g. cargo) that are very well liked.

[–] [email protected] 3 points 1 month ago

I use poetry and it works really well. I would consider it solved but that doesn't mean there isn't the possibility of a better solution.

[–] [email protected] 1 points 1 month ago

Glad I use arch btw, pacman manages my python packages so I don't have to deal with all this mess.

[–] [email protected] 11 points 1 month ago (1 children)

In my field we rely on conda and I hate it every day.

[–] [email protected] 3 points 1 month ago (1 children)
[–] [email protected] 12 points 1 month ago (3 children)

We do geodata science and rely on some pretty specific C++ libraries that are only distributed via conda. While on unix-based systems it's possible to get some of them from other channels or even building them from source, we mostly have Windows machines in production where we are not that flexible. Docker is unfortunately no solution due to security concerns.

If you are asking why I hate it: It's bloated, uses more space than needed and it's rare I can reproduce an environment from the environment file without running into errors. Using it feels unintuitive, I still google command after years. It was very slow until recently, when the libmamba solver was finally integrated. Last but not least licensing is a pain in the ass.

[–] [email protected] 3 points 1 month ago

Interesting. We use conda via micromamba for my own project, as it makes the install for end-users much easier when they can just run a shell script, to install python, cuda, and all the dependencies needed.

[–] [email protected] 3 points 1 month ago

I share the same frustration trying to replicate an environment. I'm glad I can avoid it these days, the community needs a way out of the conda lock-in.

[–] [email protected] 1 points 1 month ago (2 children)

I've been using micromamba/mamba and not had solving issues like I did with conda. Im glad conda integrated libmamba.

Question: why were docker containers deemed security risks?

[–] [email protected] 2 points 1 month ago (1 children)

If Windows, it requires a VM and currently infosec is not keen on virtualization in the hands of users.

[–] [email protected] 3 points 1 month ago (1 children)

I'm no expert, but isn't running in a VM strictly better than running on raw metal from a security perspective? It's generally more locked down, and breaking out of the virtualization layer requires a separate security breach from gaining access to the running container.

[–] [email protected] 2 points 1 month ago

I would think so as well. Possibly it's because a local VM is harder for them to monitor.

[–] [email protected] 1 points 1 month ago

Yes, mamba is a huge improvement. Regarding docker I can't really tell you as I'm not an infrastructure guy.

[–] [email protected] 8 points 1 month ago

Just tell me how uv is financed …

[–] [email protected] 6 points 1 month ago (2 children)

Got toml file support yet? Then I'm happy to talk :)

[–] [email protected] 5 points 1 month ago (1 children)

Looks like it has basic support:

  • required-python = "..."
  • dependencies = [ ... ]

Once it gets dependency groups, I'll try it out. I'm currently using poetry, which works, but I'm always interested in better perf.

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (2 children)

it already has dep groups; e.g.

uv add --optional staging pytest

then

uv sync --extra staging

to install / uninstall packages accordingly.

They have a --dev shorthand for dev dependencies, but it seems the dependency group PEP is not final, so there isn't a standardized way of doing this yet.

[–] [email protected] 3 points 1 month ago (1 children)

Private PyPI too?

We're coming from poetry but it's slow and needs its own .venv, so a UV binary would be very nice.

[–] [email protected] 2 points 1 month ago (1 children)

yeah, it works with private pypi

[–] [email protected] 3 points 1 month ago

I don't find it in the docs..how to set my PAT?

[–] [email protected] 1 points 1 month ago

Oh cool, I'll definitely look into that.

And honestly, the one I need more is a test group for CI, for things like coverage reporting and whatnot. If I can get that and if having multiple package indexes works properly (i.e. it can check my private repo first, and then pypi), I can probably port our projects to uv, at which point it's an internal discussion instead of a technical one.

[–] [email protected] 4 points 1 month ago

they do, just use project management commands like uv + { add, remove, sync, lock, run }