[openstack-dev] Dependency version pinning [was Re: Pyparsing 2.0 breaking jenkins jobs]

Mark McLoughlin markmc at redhat.com
Sun Mar 3 16:23:04 UTC 2013


On Thu, 2013-02-28 at 15:43 +0000, Mark McLoughlin wrote:
> On Thu, 2013-02-28 at 11:59 +0000, Mark McLoughlin wrote:
> > On Wed, 2013-02-27 at 14:43 -0500, Doug Hellmann wrote:
> > > On Wed, Feb 27, 2013 at 1:44 PM, Monty Taylor <mordred at inaugust.com> wrote:
> > > > On 02/27/2013 01:38 PM, Sean Dague wrote:
> > 
> > > > > Various respected python community members, it would be really awesome
> > > > > to solve this as a root issue, get pypi to not allow uploads that don't
> > > > > specify, and have it be part of the installer. Would be good for
> > > > > everyone, not just OpenStack.
> > > >
> > > > Python is talking about several major upgrades to PyPI - I'll toss this
> > > > one in the mix.
> > > >
> > > 
> > > +1 Participating in the packaging summit at PyCon in a few weeks should go
> > > a long way.
> > 
> > I've just sent a slightly desperate plea to psf-members. See attached.
> 
> Redirected here:
> 
>   http://mail.python.org/pipermail/distutils-sig/2013-February/020030.html
> 
> Nick Coghlan points out PEP426 which is relevant:
> 
>   http://www.python.org/dev/peps/pep-0426/

Another follow-up on distutils-sig attached.

The conclusion I'm coming to from the discussion is that by and large
Python library maintainers try to avoid incompatible changes and they
have commitments to stability built into their versioning schemes. We
need to understand each library's versioning scheme and do e.g.

  sqlalchemy>=0.7.8,<0.8

because we know that a minor version number change in sqlalchemy is used
to warn people of an incompatible change whereas other libraries we can
do:

  foo>=1.2.3,<2

because we know they're using the semantic versioning and will only make
incompatible API changes in version 2 whereas still others we can do:

  bar>=2.2

because we know they will introduce a new 'bar2' library if they need to
make incompatible changes.

Not fun, but way better than pinning to specific versions IMHO.

Cheers,
Mark.
-------------- next part --------------
An embedded message was scrubbed...
From: Mark McLoughlin <markmc at redhat.com>
Subject: Re: Library instability on PyPI and impact on OpenStack
Date: Sun, 03 Mar 2013 15:54:33 +0000
Size: 9184
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130303/895e0bf6/attachment.mht>
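
The three constraint styles from the message above, evaluated against release lists, as an added example that is not part of the original message or of any OpenStack tooling. The simplified specifier parser, the function names and the release lists are all constructed for illustration; only the three requirement strings come from the message.

```python
import operator
import re

# Operators supported by this simplified syntax (an assumption of the example).
_OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
        "!=": operator.ne, ">": operator.gt, "<": operator.lt}
_CLAUSE = re.compile(r"(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)")
_REQ = re.compile(r"([A-Za-z0-9._-]+)\s*(.*)")


def parse_version(text):
    """Turn '0.7.10' into (0, 7, 10) so 0.7.10 sorts after 0.7.9."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError("unsupported version: %r" % text)
    return tuple(int(part) for part in text.split("."))


def _pad(a, b):
    """Zero-pad both tuples so that 2 == 2.0 and 0.8.0 is not < 0.8."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def parse_requirement(line):
    """Split 'name>=1.2.3,<2' into (name, [(compare, bound), ...])."""
    match = _REQ.fullmatch(line.strip())
    if not match:
        raise ValueError("unsupported requirement: %r" % line)
    name, spec = match.groups()
    clauses = []
    for part in (p.strip() for p in spec.split(",") if p.strip()):
        clause = _CLAUSE.fullmatch(part)
        if not clause:
            raise ValueError("unsupported clause: %r" % part)
        clauses.append((_OPS[clause.group(1)], parse_version(clause.group(2))))
    return name, clauses


def admitted(line, releases):
    """Return the releases that satisfy every clause of the requirement."""
    _, clauses = parse_requirement(line)
    return [r for r in releases
            if all(op(*_pad(parse_version(r), bound)) for op, bound in clauses)]


# Constructed release lists, not real release histories.
SQLALCHEMY = ["0.7.7", "0.7.8", "0.7.10", "0.8.0"]
FOO = ["1.2.2", "1.2.3", "1.9", "2.0"]
BAR = ["2.1", "2.2", "3.0", "10.0"]
```

Calling `admitted("sqlalchemy>=0.7.8,<0.8", SQLALCHEMY)` keeps the 0.7.x bug-fix releases and excludes 0.8.0, whereas an exact pin such as `sqlalchemy==0.7.8` admits a single release and `bar>=2.2` admits every later one, so it depends entirely on upstream's renaming policy.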

