Problems with pip install gpg

[Bjarni Runar Einarsson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Werner!

Werner Koch <wk at gnupg.org> wrote:
> 
> What I don't understand is why a _developer_ has problems to do
> the usual
> 
>   ./configure && make
>   
> followed by a
> 
>   make install 

This is what "pip install" is for. It automates this process, so
a Python developer doesn't also have to be a C developer.

It (along with virtualenv) also handles scoping of the installed
libraries, so developers don't have to install (potentially
conflicting) development libraries system-wide. This involves
setting a bunch of ./configure arguments (prefix etc.). Getting
all of those things right, for multiple libraries, is a lot of
boring, error-prone work. The Python community has decided to
automate this so developers can focus on other things. It's a
really nice system.

> I can't imagine that a Python developer is missing these basic
> abilities.

Many are. It doesn't mean they're bad developers, it just means
they've been able to specialize in other things because the
sysadmin crap has been automated away.

> And if it is about the time this takes: reading the
> manual and come up with an idea on how to use a library will
> for sure take more time. Or are we living in a copy+paste
> examples world now?

Please consider that the free software community is much larger
and more diverse than it used to be. Nobody knows how to use all
the tools anymore! I am guessing you would be annoyed if you were
required to learn the entire javascript/nodejs toolchain in order
to contribute a patch to your favourite C project.

People who are hacking on GnuPG should know how to check out,
build and configure GnuPG. In my opinion, people hacking on other
things shouldn't have to.

So if a developer wants to check out Mailpile, change the way
e-mail addresses are formatted in the user interface and see it
work, then requiring they know how to build and install GnuPG
first is a major problem. It's out of scope for what they are
trying to do and it's a major barrier to entry.

If you think this is unreasonable, then we will just have to
agree to disagree on that.

The fact remains that I am not going to use GPGME if it means
losing a large chunk of my contributors and testers. It's just
not going to happen and I can guarantee that many other projects
will come to the same conclusion. The GnuPG team has repeatedly
asked me to use GPGME, and I know some of the people on your team
are annoyed with me for not doing so. I am trying to explain why
it's not happening. I would like to use GPGME instead of
maintaining my own wrapper. But I can't - yet.

I do hope this doesn't sound like I'm making demands. If you guys
feel this is out of scope or don't have time, that is of course
your call. I am simply pointing out areas for improvement and
trying to explain my point of view and that of the Python
community as I understand it.

Thanks for reading,
 - Bjarni

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJYW8TRAAoJEI4ANxYAz5SRctYH/19bSBtPkgaSROFe1oAMYjVH
A8PnplMjET7q/4iC+Fpt5nqpJd2XagFQgvP6nFU3eezl+m7+5B2k2iIan3X1gyRz
Ez9w1AaoqPmZwiB86dDoJn23ica7XOf57sKL4AnFI9NVDGe5bt2HGJppZU62ipFz
M6Rz1Qf3mHRCI99kr2/depxg9RFjqDtuE3JmD6kM6MD0pvZa0Xm22/tguRwQ9g0Y
53VKLSitI+kq9YeuLJmeuIWTfjgcEL9ZyrkKiifcV2KMpXcaGoatufCcVYjkjNEz
uqF9MxqYgqLD0wGXsDuv2eRQMBJtKMuKgJlUDwTFEVlwW9LIF6+5punf2Yar+bA=
=amog
-----END PGP SIGNATURE-----