chore(build): switch to Poetry #8238 proposed to migrate to Poetry, which seems unnecessary, and appears to be incomplete. Since Setuptools is already used to build the project, but doesn't require setup.py, there is no reason to switch.
Possible Duplicates
None
Brief Summary
I was surprised to hear that Celery was affected by the recent Setuptools issue, since it's pure Python. Although wheels are available, many users who may have chosen to build from source anyway would have been affected. (The same problem also occurred with Requests.) At any rate, a setup.py file should be completely unnecessary for building a wheel for a pure Python sdist in any normal circumstance. Storing metadata as data in pyproject.toml is cleaner, simpler and more secure. The project already has a pyproject.toml file but currently it's only used to store configuration for dev tools.
Design
Add a PEP 621-compliant project table to pyproject.toml to represent the project metadata currently represented as keyword arguments to setup. For the dynamically-determined metadata (which currently comes from parsing a source file manually), use a [tool.setuptools.dynamic] table. Optionally use [build-system] to specify a Setuptools version.
Architectural Considerations
None
Proposed Behavior
Users who build a Celery sdist will no longer needlessly be exposed to the risks associated with running arbitrary code from a setup.py file, nor to the risk of future Setuptools versions causing other problems with setup.py contents due to deprecations/removals.
Proposed UI/UX
No changes.
Diagrams
N/A
Alternatives
None
Checklist
for similar or identical enhancement to an existing feature.
for existing proposed enhancements.
to find out if the same enhancement was already implemented in the main branch.
(If there are none, check this box anyway).
Related Issues and Possible Duplicates
Related Issues
setuptools >= v72 removes setuptools.command.test #9157 could have been avoided automatically by doing this earlier.