PEP 427 – The Wheel Binary Package Format 1.0

[calpaterson]

> So that's why jars are always 100 MB! I don't think the python community will ever perceive this as the "right" way to distribute libraries.

I'm not advocating it as the right way to distribute libraries. It's the right way to deploy applications. Compiling everything into one simplifies deployment. It does not simplify public distribution.

> the sysadmin is responsible for security [...]

It just means that whoever is responsible for security (which should be operations _and_ development, IMO) need a list of the libraries used as part of an application. In Python this is normally stored in the file "requirements" in the root of the source tree. Java projects have similar things, so does Haskell.

[jessaustin]

I'm not advocating it as the right way to distribute libraries. It's the right way to deploy applications.

OK, I agree that's a different case, one for which jars may be appropriate whenever you don't have access to an OS-level package manager. But when is that? When using Windows, but not in the enterprise? Surely most would avoid that grim situation. Since I use apt or the equivalent to install and update apps (unless I have a reason to be closer to the current version), I primarily think of python distributions as providing libraries, although of course they may include applications as well.

It just means that whoever is responsible for security (which should be operations _and_ development, IMO) need a list of the libraries used as part of an application.

Of course it's nice when the applications one installs are supported by developers in the same organization, but it's a rare luxury that doesn't obtain for the typical sysadmin. Even in that case, however, aren't you proposing to make a lot of work for yourself that your package manager is happy to do instead?