On Sat, Feb 23, 2013 at 10:53:53AM +0100, Pierre-Yves Chibon wrote: > On Sat, 2013-02-23 at 04:47 -0500, Matthew Miller wrote: > > > > It's relatively big for a core package (couple of megabytes, give or take). > > And curl is required by a number of *other* things, and it's pretty nice to > > have such a utility in standard if not in core at least, so it's almost > > "free" as a base. > > > > > > > Does requests still have some local copy of other libs? > > > > Apparently it doesn't pull them in from other packages. :) > > There is work in progress to unbundle the libraries that requests > bundles, that will make it loose some weight but will increase the > dependency chain: > https://bugzilla.redhat.com/show_bug.cgi?id=904623 > Also note, Fedora is currently on an old version of python-requests. In part, this is because it is licensed ISC (GPL compatible) and the next version is licensed Apache v2 (GPLv3 compatible but not GPLv2 compatible). I've asked spot how the licensing concerns affect python code (by extension other scripting languages in a similar situation) and he thought that it would likely be fine if GPLv2 code is importing Apache code but not fine if the code is being copied. However, he also warned that the only way to know that for sure would be to ask the lawyers to look into it. We've recently ported python=fedora from pycurl over to python-requests. The API seems easier to work with at first and we were able to achieve a healthy speedup (because we were not making use of a connection pool with our curl code and python-requests comes with one builtin). However, we did encounter several bugs with the code that we had to fix, some security issues that had languished a bit upstream, the bundled libraries that are noted above.... Now that we've ironed out the major difficulties and have a handle on what would be needed to take care of, for instance, the bundled libraries, I think we're going to stick with it in python-fedora but I wouldn't want to recommend it to others without them being aware of the potential caveats to using it. -Toshio
Attachment:
pgpcP3eiXQy4k.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
