Open Stack

On 02/27/2013 06:37 PM, Johannes Erdfelt wrote:
> On Thu, Feb 28, 2013, Robert Collins <robertc at robertcollins.net> wrote:
>>> Ideally, this could be all solved by pypi software better documenting
>>> their versioning scheme. We could then more intelligently specify
>>> dependencies onto APIs and not versions. Unfortunately this requires
>>> quite a community effort to make sure everyone follows this reliably.
>>
>> The best scheme in the world might tell us when an API is being broken
>> on purpose, but it won't stop us updating when it breaks accidentally.
>>
>> If we want to avoid grief, we need to update only when its safe, not
>> when a new upstream upload happens.
>>
>> However, *that* is automatable :).
>
> I'm worried that a scheme where we pin dependencies and update only
> after testing, is that it causes problems for our tarball releases.
>
> They don't get released often enough to ensure bug fix releases upstream
> don't get held back artificially.
>
> I think it's a reasonable solution for the master branch, assuming there
> isn't sufficient tooling to make sure it's not a burden on developers
> and reviewers.

But on the flip side... they don't get released often enough to ensure 
upstream dependency changes don't horribly break us, and that release 
tarballs aren't completely useless to anyone after some period of time 
(which could be as short as a couple weeks).

It's a double edged sword.

	-Sean

-- 
Sean Dague
IBM Linux Technology Center
email: sdague at linux.vnet.ibm.com
alt-email: sldague at us.ibm.com