syck-python / request to orphan / wanting to replace with pyyaml.org's YAML stuff

Michael DeHaan mdehaan at redhat.com
Wed May 3 21:49:13 UTC 2006 

Michael DeHaan wrote:
> Toshio Kuratomi wrote:
>> On Tue, 2006-05-02 at 14:30 -0400, Michael DeHaan wrote:
>>  
>>> Bugzilla 189281 references the YAML parser for Python in FC-extras 
>>> as being broken.  The bug report went to oliver at linux-kernel.at on 
>>> 4/18 and I've emailed him on 4/28 inquiring about the 4/18 bug 
>>> report and volunteering to help.   No replies yet on either account, 
>>> I'm assuming long vacations and such are possible, such things are 
>>> understandable and ok.
>>>     
>>
>> That bug doesn't show that it's broken, just poorly designed :-)  (I'm
>> not arguing that syck's python bindings aren't broken in other ways and
>> deserve to get replaced....)
>>
>> [snip]
>>   
>
> Not having a YAML package for Fedora that can serialize anything is 
> pretty broken, IMHO :)
>
>>  
>>> The Python community has apparently seen that the syck bindings that 
>>> ship with syck (current=0.55) are broken, so they've come up with a 
>>> version of syck-python that is 0.61 (http://pyyaml.org) on their own 
>>> .   They are also working on a Python Yaml 3000 replacement library, 
>>> that is apparently also a good candidate.
>>>
>>> My suggestion is that syck-python be orphaned due to the fact that 
>>> (1) it's broken since it can't serialize anything at all (no dump 
>>> function), and (2) syck isn't incredibly robust.   Given this, I'm 
>>> planning on packaging a "python-yaml" for extras using the 
>>> Python-YAML 3000 or Python-Syck codebase here, which has syck at 
>>> 0.61.   We can then pull python-syck out of the repository.   Yes, 
>>> I'm signing up to do this, assuming we can orphan the broken package 
>>> to reduce confusion.
>>>     
>>
>> I liked the idea of yaml but have refrained from using it due to the
>> problems with the python-syck bindings. I think it would be valuable to
>> have working bindings whether or not syck-python is orphaned. 
> Agreed.
>
>>  Here are
>> some questions:
>>
>> pysyck:  the pyyaml.org website provides a patched syck that is an svn
>> snapshot plus pyyaml patches.  Is an unpatched syck going to have
>> significant deficiencies?  
> Yes.  An unpatched syck doesn't have a working dump function, which 
> makes it at least 50% broken, so I'd call those dependencies rather 
> major.  I have not researched their other fixes to syck.   The one 
> issue with packaging their pyyaml patched version now is the 1.1 
> compliance.  We have to move to 1.1 at some point, and it looks to me 
> that the 3000 version is good enough now.   (See below on syck issues).
>
>> Is upstream syck going to make new releases
>> or is all development of the library concentrated in the ruby tree?  Has
>> the pysyck community proposed their changes to upstream syck?
>>   
> I've contacted whytheluckystiff (upstream) about his thoughts and 
> relationship with pysyck.  He is for all intents and purposes in the 
> Ruby camp, and I'm not sure how much time (if any) is spent on the 
> Python ones.   The python brokeness has no doubt been reported at 
> least once, which makes me believe upstream syck isn't the answer.   
> Further, per a coworker of mine (I haven't followed up on this 
> myself), syck's source doesn't do a good job of checking memory 
> allocation calls, does some reallocs, and so forth ... so I am well 
> inclined to use a non-native parser for stability/safety reasons. 
> PyYaml 3000 would fit this niche nicely.
>
>> pyyaml3000: No released tarballs.  Does upstream have a timeline for
>> that or are we going to be making snapshots for quite a while?
>>   
> As for pyyaml3000, I have a RPM on my desktop now (already built) and 
> am about to submit it to FC-extras for review.   It seems very stable 
> and I can contact them about plans on releasing snapshots.   For now, 
> I've built a tarball myself.
>
>> To me, making a pyyaml3000 package (with some idea of what we can expect
>> from upstream) could go the route of any other Extras package.  (After
>> all, we have both libxml2 with python bindings and elementTree already.)
>>
>> pysyck could be treated the same way but seems like it would benefit
>> from coordination with the syck maintainer (to Obsolete syck-python and
>> stop building that as a subpackage, is upstream syck going to make
>> python fixes, should we add pysyck patches to our syck library, etc)
>> See if Oliver responds to inquiries about you packaging pysyck (or if he
>> doesn't have time for syck anymore and is willing to hand it off to
>> you.)   
> I've contacted whytheluckystiff to see his opinions on upstream 
> pysyck's brokenness as well, just for good measure. I agree with you 
> that having duplicate implementations won't hurt (if both work), but I 
> do think that having just one broken implementation in there 
> (syck-python) is not enough.   So whether we orphan the broken 
> syck-python or not, I'm backing the yaml 3000 as the right way to 
> go.   Package is currently named 'python-yaml', since we don't have 
> one, and I don't want version numbers in the formal package name.   
> Version is "0.3000.20060502".
>
> --Michael
>
Given no other replies to this commentary, I think we're ok on the 
PyYaml 3000 front (what to do about syck-python is another issue, and 
I'm willing to let it slide if a good working alternative can get out 
there).

I do have people interested in reviewing this (Toshio, you are welcome 
to as well), but I lack a potential sponsor for my first package.   Can 
anyone jump on board and help me out?   The module itself was already 
built with distutils, so the spec only moves it into a more reasonable 
namespace and numbering scheme.

Here's the bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190493

Much appreciated!

--Michael

More information about the fedora-extras-list mailing list