I've determined this is safe. I'm making a PR removing the scary TODO, but I'm writing what I've learned here.
mongoengine.Document provides __eq__() and __neq__(). It does not provide other rich comparison methods (ie: __lt__(), __ge__(), ...). It also does not provide __cmp__(). Python Data Model docs state that since Python 2.1 "[__cmp__() is called] by comparison operations if rich comparison (see above) is not defined." [0] This behavior ensures that for == and != operations which mongoengine expects to have its Document.__eq__() and Document.__neq__() will be used as expected.
Also since mongoengine doesn't provide rich comparison operators we can be reasonably sure that it's not relying on the mostly non-sense comparison provided by the built in object.__lt__ implementation and other default rich comparison operators. Since mongoengine couldn't make meaningful use of these defaults, Pulp is free to define the comparison with __cmp__() as necessary.
One area of concern comes from the mongoengine's __eq__() and __neq__() being called instead of the __cmp__() when Pulp is comparing the equality or inequality of two units. The __eq__() and __neq__() of mongoengine is an ObjectId comparison of the _id fields. The __cmp__() Pulp has historically used would be a tuple comparison of (epoch, version, release) which could cause things that were considered equal to no longer being equal. In this area I think we should just bugfix as problems come up. If two units are not the same record in the DB, the equality comparison of them should not say they are so this new behavior is more correct.
Note that for Python 3 compatibility we will need to replace __cmp__() usage with the __lt__(), __le__(), __gt__(), __ge__(). When we do that we should not implement __eq__() or __neq__() because we could be affecting mongoengine internal behaviors by doing so.
For fun, here [1] is an interesting example of the motivation for rich operators which uses RPM tracking as the example.
[0]: https://docs.python.org/2/reference/datamodel.html#object.__cmp__
[1]: http://www.gerg.ca/blog/post/2012/python-comparison/
.
Removes scary TODO about cmp usage on NonMetadataPackage
closes #1435 https://pulp.plan.io/issues/1435