undefined | Better HN

0 pointszahlman10mo ago0 comments

> You'd reasonably think, but it's difficult to assert this: a lot of people use third-party tooling (uv, but also a lot of hand-rolled stuff),

I mean, for people (like myself) explicitly attempting to implement alternatives to pip. And to my understanding, pip itself does use `zipfile` as well.

Are you proposing that there are people out there making package installers for personal use?

> and Python packages aren't always processed in a straight-line-from-the-index manner.

I don't know what you have in mind here.

0 comments

1 comments · 1 top-level

woodruffw10mo ago

> Are you proposing that there are people out there making package installers for personal use?

I gave an example in the original comment: there's a lot of random ass tooling out there that treats Python wheels as a mostly opaque archive, and unpacks/repacks them in various ways. The original PEP behind wheels also (implicitly) expects this, since it refers to extraction with a "ZIP client" and not Python's zipfile specifically.

I think security scanners are a simple example, but Linux distros, Homebrew, etc. all also process Python package distributions in ways that mostly just assume a ZIP container, without additionally trying to exactly match how Python's `zipfile` behaves.

> I don't know what you have in mind here.

The security scanner example from the original comment.

j / k navigate · click thread line to collapse