Python installer ( with PIP) vs. Chocolatey vs. Conda vs. Anaconda vs. Microconda

[Rollo62 498]

Hi there,

 

I'm considering to dive a little into the Python universe, and ask myself which one is the best approach to get started.

Currently I use the package manager Chocolatey under Windows, not for Python yet, but it should be able to install Python and Anaconda as well.

 

I would like to bundle and use Python, Python4Delphi from a Delphi application as controller, best of all nicely integrated in one setup, to produce a commercial application.

Since inclusion into one binary setup is very likely problematic, this can be also a separate download of installers, which best of all can be running silently.

I like the environment of Python, but I would like to keep customers away from all the nerdy internals, as much as possible.

 

I have a few main questions to all of this

1. What is the best installer (distribution ) to be packed ( or separately downloaded ) together with a complete commercial application
    
2. What is the best installer to meet all the licenses, containing Python, their Packages and repositories ( I think Anaconda is the only repository, but I'm unsure ).
    
3. Can Python itself be used (bundled or separate installed) within a commercial applications ? The License itself seems a kind of specific .Python license
    
4. The licenses of the separate packages need to be checked individually, that is not my point here at the moment.
   I would like to find what is the best way to bundle Python, Python4Delphi with a Delphi application.

 

In general I understand the differences like that:

 

Chocolatey

• Is able to install Python and Anaconda too, but this is maybe only an additional layer which is not necessary
• What I understood is that the Conda universe can completely replace Chocolatey and more, is that correct ?.
• Is it worth to replace Chocolatey by Anaconda, also for other projects, like the Node.js, PHP universes ?
• Does it make sense to keep them side-by-side, so that they play out their synergies ?

 

Conda

• Is the pure package manager application, whereas Anaconda and Miniconda are distributions including already Python and some packages.
• Seems to be related to Anaconda universe only

 

Anaconda:

• Best if you are new to conda or Python ( really ? )
• Has the onvenience of having Python and over 1500 scientific packages automatically installed at once
• Have enough time and disk space (a few minutes and 3 GB)
• If you don’t want to install each of the packages you want to use individually.
• Is a full distribution of the central software in the PyData ecosystem, and includes Python itself along with the binaries for several hundred third-party open-source projects.
• It seems Anaconda is bloated
• Licensing is maybe problematic, if I consider a properitary application later on ( would need an Enterprise account and pricing )

 

Miniconda:

• If you do not mind installing each of the packages you want to use individually ( that should be a one-liner each, installing all their dependencies too  ).
• Try to optimize install time or disk space, by installing only the necessary libraries at once
• If you want to get fast access to Python and the conda commands, and wish to sort out the other programs later.
• Its essentially an installer for an empty conda environment, containing only Conda, its dependencies, and Python.
• It seems Microconda is lean and clean, thats what I prefer
• Licensing is somewhat unclear, it seems that Microconda is free to be integrated in applications ( maybe installing a few packages only depends on their licenses alone ? )

 

PIP: PyPi:

• This is the package manger for Python itself, I'm not sure to what that repository is related to ( is it only PyPi ? ).
  It seems to have a separate repo, is that right ?
• Does Anaconda and PIP share some repositories and packages ?
• If so, which one are more actual ?

 

Maybe the Python experts in this forum have more insight into the Python setup, usable for complete applications.

I hope to find some answers here how to utilize all above at its best, otherwise the whole Python thing stays maybe a personal playground only.

 

 

 

 

Edited June 1, 2022 by Rollo62

[David Heffernan 2290]

It's easy to use the Python embedded distribution, basically just a Zip file, and deploy that. You can slipstream modules into it as you please. 

[Fr0sT.Brutal 897]

2 hours ago, David Heffernan said:

It's easy to use the Python embedded distribution, basically just a Zip file, and deploy that. You can slipstream modules into it as you please. 

AFAIU he wants to let users install additional packages for use in his app

[Rollo62 498]

3 hours ago, David Heffernan said:

It's easy to use the Python embedded distribution, basically just a Zip file, and deploy that. You can slipstream modules into it as you please. 

Yes, but it seems not all Packages are available in the standard distribution or the connected PyPi repository.

Thats why I looked into Anaconda repository, which seems to be well maintained.

If I distribute Python together in an compiled setup, then I would like to have a minimal installation and all required packages were loaded after install from the main exe.

A GUI protects the user from any interfearance with the Python backend.

 

If you meant that the "normal" Python distribution is free to add in commercials too, and is able to bootstrap itself from PyPi or Anaconda, then this might be a good alternative too.

As far as I have seen, the Python license would allow that, I think you're right.

 

Some Python-nauts recommend to use Miniconda for that bootstrap purpose, which would also be by favorite so far.

Thats why I ask what the best setup for this task would be, I'm a 5% Python newbie so far 🙂       Only have used a few scripts for testing.

 

1 hour ago, Fr0sT.Brutal said:

AFAIU he wants to let users install additional packages for use in his app

Not quite, I want to prepare pre-build apps with e.g. InnoSetup, similar as usual, convenient Windows Apps,
where the simple user shall be totally shielded against any underlying command-line operations or other "difficult" tasks, like re-loading extra packages, etc.

Everything should be packed in a nice GUI, with a few buttons to operate, while that hard work is done by some special Python packages underneath.

The GUI should only prepare all packages accordingly and run the prepared scripts.

 

Edited June 1, 2022 by Rollo62

[shineworld 68]

As like as David Heffernan I use the embedded python version for our customers.

You can install pip in the embedded version so the end-user can add new packages or update packages from whl or Pypi.

The embedded way is perfect to have an isolated python in which trust to deploy software for end-user.

For example, my embedded version contains right OpenCV, NumPy, delphivcl/fmx, and support packages that I will use to create the end-user python program

avoiding any conflicts with different versions already installed in other customer python installations and without use conda, etc.

[Fr0sT.Brutal 897]

1 hour ago, Rollo62 said:

Not quite, I want to prepare pre-build apps with e.g. InnoSetup, similar as usual, convenient Windows Apps,
where the simple user shall be totally shielded against any underlying command-line operations or other "difficult" tasks, like re-loading extra packages, etc.

I think delivering a commercial software directly depending on some 3rd party components you don't control and which should be downloaded from some another 3rd party's source is not the right way to go unless that's some kind of GUI scripter that must allow using ANY package. The right way is to have all these packages in your repo and install them only from your source (distr / your site). This way you can be sure things work and no small update of a single tiny package breaks your whole setup.

[hsauro 35]

I looked around and didn’t find any immediate answer but can the embedded python be used on Mac OS in a similar way? I’m interested in distributing python with a Delphi App on the Mac and windows.

[Rollo62 498]

2 hours ago, shineworld said:

You can install pip in the embedded version so the end-user can add new packages or update packages from whl or Pypi.

Maybe the difference I'm looking for is the ability also to integrate non-python packages, like this example, this is why I'm looking after Anaconda vs. Chocolatey for example.

1 hour ago, Fr0sT.Brutal said:

I think delivering a commercial software directly depending on some 3rd party components you don't control and which should be downloaded from some another 3rd party's source is not the right way ...

Yes, its a test balloon and new consideration for me too, to find out  that whole thing makes sense.

I'm not thinking of a huge application, but about a small app that can do a few little things very good, like a swiss knife.

There are so many very good, well maintained open libraries out there, why not make use of them and even push their publication a little ?

I know quite a few free or not-free "utility" products that rely on other open-source packages, only for making them more user-friendly.

 

To download from 3rd Party I see not as problen at all, best example is Delphi itself:

 - Installer downloads Ms Dot-Net installer

 - Delphi uses Android SDK packages ( I have to confirm license sepatately )

and so on.

 

I think this is nothing new or "smelly" with that approach, at least from my point of view.

We only have to take care about the license questions, maybe switch from open to licensed packages in some cases.

For that reasons I'm looking after platforms that supports most packages in a most convenient way.

 

 

 

 

 

 

 

[David Heffernan 2290]

4 hours ago, Rollo62 said:

Yes, but it seems not all Packages are available in the standard distribution or the connected PyPi repository.

Well, slipstream them in too. You should be able to deliver an environment that has any packages you need. 

[Fr0sT.Brutal 897]

15 hours ago, Rollo62 said:

To download from 3rd Party I see not as problen at all, best example is Delphi itself:

But ISO has SDK and .net bundled AFAIK.

Also consider cases of packages fuckups (google "npm package breaks internet") and intentional or occasional malware introduction. Not mentioning probably broken compatibility in new versions. And your customer won't be happy if, for example, he installs an app from accessible supersoft.com but an installer tells that some other snakepackages.com is inaccessible for some reason so it can't continue and advises the user to snag off.

[Rollo62 498]

All that can happen, but its also true that the whole pip, npm, composer, chocolatey universes and also the applications and websites build on that rely on such same repositories.

These should be billions I would guess.

 

This would break as well for many other applications, no matter if bundled or not, or if hosted on AWS.

I was never aware of any bigger problems with that repos, of course security issues always appear here and there on a daily bases,

but in general well maintained packages, reviewed by many people, should have relative low risk.

 

That said also Workpress, Joomla, whatever face the same risks, even every Website, not only a very specific desktop application.

I would assume if someone compromizes for example ImageMagick, then the whole web will be down, not caring much about such small desktop app.

The last case I can think of was OpenSSL or log4j, which had that ability to put the web down, it can basically catch anyone anytime always.

We're all using some external stuff here and there, even Delphi itself was compromized before, so I would not think that risk with repos would not be manageable.

 

But thanks to remind me on that risk question, so it might be a good idea to integrate some additional "security" features inside, for example to be able to cut off

the apps fastly from a central server by a blacklist server maybe, if some problems with packages are known.

 

[Fr0sT.Brutal 897]

All I want to say is that self-contained installers rule and downloaders tend to suck. How a user could install an app on a system without internet? What if package site is down? What if connection is unstable? I'm sure 99.9% of web installers just hiccup on disconnect and stop installation making a user start whole process from the very beginning.

That's my point. Decision is yours.