• dinckel@lemmy.world
    link
    fedilink
    arrow-up
    26
    ·
    2 months ago

    It’s a really bold claim. Every time a new package manager and/or dependency resolver comes around, we have the exact same headline

  • ertai@programming.dev
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    edit-2
    2 months ago

    Yet another python packager............... insane that such a popular language still doesn’t have this basic problem solved.

    • CodeMonkey@programming.dev
      link
      fedilink
      arrow-up
      6
      arrow-down
      2
      ·
      2 months ago

      pip is a perfectly usable package manager and is included in most python distributions now. Is it perfect? No, but it is good enough for every team I have been on.

      • Eager Eagle@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        2 months ago

        it’s usable, yet it doesn’t attempt to solve a a third of the problems uv, poetry, and pdm address.

        it’s also not hard to end up with a broken env with pip.

      • Moc@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        2 months ago

        Except that it’s slower than uv and therefore strictly worse for build processes

      • uthredii@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        Putting aside the speed uv has a bunch of features that usually require 2-4 separate tools. These tools are very popular but not very well liked. The fact these tools are so popular proves that pip is not sufficient for many use cases. Other languages have a single tool (e.g. cargo) that are very well liked.

    • sum_yung_gai@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      2 months ago

      I use poetry and it works really well. I would consider it solved but that doesn’t mean there isn’t the possibility of a better solution.

    • ertai@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      Glad I use arch btw, pacman manages my python packages so I don’t have to deal with all this mess.

      • gigachad@sh.itjust.works
        link
        fedilink
        arrow-up
        12
        ·
        2 months ago

        We do geodata science and rely on some pretty specific C++ libraries that are only distributed via conda. While on unix-based systems it’s possible to get some of them from other channels or even building them from source, we mostly have Windows machines in production where we are not that flexible. Docker is unfortunately no solution due to security concerns.

        If you are asking why I hate it: It’s bloated, uses more space than needed and it’s rare I can reproduce an environment from the environment file without running into errors. Using it feels unintuitive, I still google command after years. It was very slow until recently, when the libmamba solver was finally integrated. Last but not least licensing is a pain in the ass.

        • db0@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          3
          ·
          2 months ago

          Interesting. We use conda via micromamba for my own project, as it makes the install for end-users much easier when they can just run a shell script, to install python, cuda, and all the dependencies needed.

        • Eager Eagle@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 months ago

          I share the same frustration trying to replicate an environment. I’m glad I can avoid it these days, the community needs a way out of the conda lock-in.

        • rutrum@lm.paradisus.day
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          I’ve been using micromamba/mamba and not had solving issues like I did with conda. Im glad conda integrated libmamba.

          Question: why were docker containers deemed security risks?

            • BatmanAoD@programming.dev
              link
              fedilink
              arrow-up
              3
              ·
              1 month ago

              I’m no expert, but isn’t running in a VM strictly better than running on raw metal from a security perspective? It’s generally more locked down, and breaking out of the virtualization layer requires a separate security breach from gaining access to the running container.

          • gigachad@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            Yes, mamba is a huge improvement. Regarding docker I can’t really tell you as I’m not an infrastructure guy.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      2 months ago

      Looks like it has basic support:

      • required-python = "..."
      • dependencies = [ ... ]

      Once it gets dependency groups, I’ll try it out. I’m currently using poetry, which works, but I’m always interested in better perf.

      • Eager Eagle@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        2 months ago

        it already has dep groups; e.g.

        uv add --optional staging pytest

        then

        uv sync --extra staging

        to install / uninstall packages accordingly.

        They have a --dev shorthand for dev dependencies, but it seems the dependency group PEP is not final, so there isn’t a standardized way of doing this yet.

        • beeng@discuss.tchncs.de
          link
          fedilink
          arrow-up
          3
          ·
          2 months ago

          Private PyPI too?

          We’re coming from poetry but it’s slow and needs its own .venv, so a UV binary would be very nice.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Oh cool, I’ll definitely look into that.

          And honestly, the one I need more is a test group for CI, for things like coverage reporting and whatnot. If I can get that and if having multiple package indexes works properly (i.e. it can check my private repo first, and then pypi), I can probably port our projects to uv, at which point it’s an internal discussion instead of a technical one.