-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Import name conflict between two packages #818
Comments
The interesting thing is you have IMO, |
I'll continue to maintain the package even after starlette absorbs it, if there are people using outside the starlette context. At the time I wrote that message, I thought people were not, but it looks like I was wrong, so I'll likely keep maintaining it. Stop mentioning me. How does multipart became the recommendation on those docs? |
Only by creating a custom Finder and Loader as far as I know. If a module and a package with the same name are installed into the same environment, the package is preferred during import. Not sure if this is part of the import protocol, or just an implementation detail of CPython. |
I'm not mentioning you, I'm referencing public issues for context.
I was not involved in that discussion or decision, so I do not know. But it was already mentioned in PEP 594 – Removing dead batteries from the standard library as a possible replacement. |
This happened with a bson module when mongodb was fashionable, happened to me recently with dotenv vs django-dotenv, and many other cases. It is perfectly valid to name a project multipart, pymultipart, multipartlib, python-multipart… Nowhere in the standard and policies is defined that one of these example projects should own one of these namespaces. Import conflicts without file conflicts are one current problem point of our ecosystem, caused in part by the absence of constraint to match import names to project names. |
The "easiest" is to rename the project under your control. I assume both project are FLOSS and made by volunteers. So the rules are that you don't owe anything to anyone and no one owes anything to you. That would be my recommendation, remove this headache swiftly. I doubt there is a smart way that will be headache-free. |
It is conventional for a package to share the import name - it's the only way that you can avoid conflicts, since PyPI don't allow conflicts, and it's the only way we currently have to "own" an import name. If one package is abandoned, it can work, though it's still a bit confusing for a user to see
However, on the other hand,
I don't think it's fair for Anyway, some ideas:
Are there overlapping items in both libraries? Either library could build a custom import that combines the items in both libraries if they are both installed - but this would only work if there was no overlap. It would probably have to be a custom loader and .pth file.
|
To be honest, I feel partially responsible for the situation we're in, and it's quite possible that other Linux distributions are in a similar situation. FWIU, the rise of popularity of "multipart" packages stem from Now I am starting feeling like the primary reason that people are using That said, given that |
Regarding how I'm afraid I don't remember whether I even noticed (I'm now a maintainer of |
Hard-rename the Python package to `python_multipart`, to avoid conflicts with the `multipart` PyPI package. Both `multipart` and `python-multipart` packages install using `multipart` import name, therefore both cannot be installed at the same time. Historically, we have included only the latter in Gentoo, since it was pulled in as a dependency of dev-python/starlette. However, the former was recently made the recommended replacement for the deprecated and removed `cgi` standard library module, therefore other packages started depending on it. Given that both packages intend to be maintained throughout the foreseeable future, it seems that the best workaround is to rename one of them. In this case, `python-multipart` uses an import name that does not match the package and seems to be have fewer reverse dependencies at this time, so rename it. There is already an open pull request upstream to do exactly that, so reuse parts of it. That said, since we can simply patch reverse dependencies, we do not need the compatibility layer (and probably do not want it, as it could yield confusing errors if the wrong package is installed). Bug: pypa/packaging-problems#818 Pull-Request: Kludex/python-multipart#166 Signed-off-by: Michał Górny <[email protected]>
Hard-rename the Python package to `python_multipart`, to avoid conflicts with the `multipart` PyPI package. Both `multipart` and `python-multipart` packages install using `multipart` import name, therefore both cannot be installed at the same time. Historically, we have included only the latter in Gentoo, since it was pulled in as a dependency of dev-python/starlette. However, the former was recently made the recommended replacement for the deprecated and removed `cgi` standard library module, therefore other packages started depending on it. Given that both packages intend to be maintained throughout the foreseeable future, it seems that the best workaround is to rename one of them. In this case, `python-multipart` uses an import name that does not match the package and seems to be have fewer reverse dependencies at this time, so rename it. There is already an open pull request upstream to do exactly that, so reuse parts of it. That said, since we can simply patch reverse dependencies, we do not need the compatibility layer (and probably do not want it, as it could yield confusing errors if the wrong package is installed). Bug: pypa/packaging-problems#818 Pull-Request: Kludex/python-multipart#166 Signed-off-by: Michał Górny <[email protected]>
Update: Thanks to @henryiii we are on a good path towards a solution. The idea is to rename the |
Problem description
I was recently made aware of a name conflict between multipart and python-multipart. Both install themselves as
multipart
, which causes difficult situations for framework developers now that Python 3.13 removescgi
and the official docs mentionmultipart
as a replacement. I have very good reasons to not just renamemultipart
into something different and the maintainers forpython-multipart
also have denied similar requests. There are plans to absorbpython-multipart
into Starlette (its primary dependent) so the problem might go away on its own, unfortunately without a timeline given.I'm aware that pypi cannot prevent such conflicts for several (mostly technical) reasons. I'm here to ask for ideas how to solve this in a way that does not make things even worse in the long run.
So, first idea: I could package two files with identical content named
multipart.py
andmultipart_fallback.py
into the same wheel and sdist archive and tell users to import the fallback if they run into conflicts. Pro: Easy to maintain on my side. Con: This pollutes the namespace even more and does not feel like the right thing to do.Second idea: Create a second project named
multipart-fallback
that depends onmultipart
and installs a skeletonmultipart_fallback.py
file with someexec
orimportlib
magic. Pro: Opt-in solution. Con: Harder to maintain, feels like a hack.Third idea: Do nothing and tell others to vendor
multipart.py
if they have to. Pro: Not much. Con: A pain for everyone involved.More ideas?
The text was updated successfully, but these errors were encountered: