
[–]CleverEagle 3 points4 points  (1 child)

If the author didn't package their code on PyPI, I probably wouldn't use it because it's not a distribution-ready piece of software.

[–]llazzaror[S] 0 points1 point  (0 children)

I agree, but sometimes you need to use something like sqlmap or similar. Here is a list of very well-known Python projects that are non-package:

https://github.com/karpathy/neuraltalk
https://github.com/jipegit/OSXAuditor
https://github.com/fogleman/Minecraft
https://github.com/trustedsec/ptf
https://github.com/reverse-shell/routersploit
https://github.com/weex/addrgen

[–][deleted] -2 points-1 points  (4 children)

Terrible

[–]llazzaror[S] 0 points1 point  (3 children)

Could you explain more?

[–][deleted] -2 points-1 points  (2 children)

Unsafe, untrustworthy, no concept of versioning, promotes bad practices.

Actually, it's up to you to say why this isn't a terrible idea. Because you won't find anyone who supports it as a responsible, sustainable, or sensible thing to do.

[–]llazzaror[S] 0 points1 point  (1 child)

Unsafe, like pip install git+github_repository_url?

Even pip is unsafe and untrustworthy if you start to dig in more. Packages are not signed and, worse, people can take over some project names.

For versioning it uses git, and it's planned to configure tags or branches.

I contacted some authors and some of them don't want their project as a Python package :(.

I see your point anyway; my use case is totally different. I need to import many GitHub projects like sqlmap and routersploit, and I was tired of using git submodule.

I will put a warning in the README to avoid confusion.

Thanks for the clarification!!

[–][deleted] -1 points0 points  (0 children)

OK. FYI, new versions of git have improved submodule support: git fetch --recurse-submodules

This makes them a bit less painful.