Open Stack

On Thu, Feb 28, 2013, Robert Collins <robertc at robertcollins.net> wrote:
> > Ideally, this could be all solved by pypi software better documenting
> > their versioning scheme. We could then more intelligently specify
> > dependencies onto APIs and not versions. Unfortunately this requires
> > quite a community effort to make sure everyone follows this reliably.
> 
> The best scheme in the world might tell us when an API is being broken
> on purpose, but it won't stop us updating when it breaks accidentally.
> 
> If we want to avoid grief, we need to update only when its safe, not
> when a new upstream upload happens.
> 
> However, *that* is automatable :).

I'm worried that a scheme where we pin dependencies and update only
after testing, is that it causes problems for our tarball releases.

They don't get released often enough to ensure bug fix releases upstream
don't get held back artificially.

I think it's a reasonable solution for the master branch, assuming there
isn't sufficient tooling to make sure it's not a burden on developers
and reviewers.

JE