In my opinion, the worst problem is the lack of a standard way to handle dependencies. I recently had a hard time deploying a small Python project over a few heterogeneous Linux machines.
For example, this "simple, lightweight" program has dependencies, as one can see in its .travis.yaml file. That's why the readme has the command `pip install commonmark` (plus more dependencies for dev). But, wait, doesn't `pip` install as root in /usr/local/ by default? (BTW, the documentation of `pip install` is mute on the subject.) So I should use pipenv, but last time I tried it was broken and the ticket had low activity. So virtualenv + pip, but it's a mess since I like using many terminals. I've heard about poetry, but that's not standard at all...
Why is virtualenv a mess with multiple terminals ? pip install for root unless you activate a virtualenv in which case it installs in it. If you make an alias of . env/bin/activate it is very simple, no ?
Python deployment is a shitshow. Unfortunately mission critical stuff (looking at you letsencrypt) is also written in it which means that your systems are built on very shaky foundations.
Well in ten years I have never had a nuked server by pip or virtualenv. I am sure there are edge cases but that must be true for all the ways of deploying stuff. I guess the ones you know well appear simple to you !
I kind of agree with both of you. I don't think Python deployment is that bad, as most modern managers get it right (I prefer Poetry nowadays). However something like letsencrypt-auto, which AFAIK installs its own dependencies, is not something I'd run. I've actually never used it precisely because it's too magical. Programs shouldn't install their own dependencies anywhere outside of a virtualenv.
Does certbot do the same ? I don’t use either so I can’t tell.
I strongly agree that any python program must install its dependencies in a virtualenv. One could even argue that this principle could be extended to any software !
People who know what they're doing can build a lot of things with python. It just so happens that I am not one of those people so I try to avoid it with a ten foot stick. I still use things built with python everyday.
I heard about dehydrated from PythonAnywhere [1]. I haven't ever been burned by LE from a Python library, but I have had issues in the past with the kube-lego Helm chart not renewing as it should (easily fixed by deleting the pod though). [I know kube-lego is in maintenance mode now in favor of cert-manager.]
For example, this "simple, lightweight" program has dependencies, as one can see in its .travis.yaml file. That's why the readme has the command `pip install commonmark` (plus more dependencies for dev). But, wait, doesn't `pip` install as root in /usr/local/ by default? (BTW, the documentation of `pip install` is mute on the subject.) So I should use pipenv, but last time I tried it was broken and the ticket had low activity. So virtualenv + pip, but it's a mess since I like using many terminals. I've heard about poetry, but that's not standard at all...