[openstack-dev] Selecting more carefully our dependencies
Thomas Goirand
zigo at debian.org
Sat May 31 16:02:39 UTC 2014
On 05/30/2014 03:22 PM, Chmouel Boudjnah wrote:
>
> On Thu, May 29, 2014 at 11:25 AM, Thomas Goirand <zigo at debian.org
> <mailto:zigo at debian.org>> wrote:
>
> So I'm wondering: are we being careful enough when selecting
> dependencies? In this case, I think we haven't, and I would recommend
> against using wrapt. Not only because it embeds six.py, but because
> upstream looks uncooperative, and bound to its own use cases.
>
>
>
> is it something that could be 'testable' from an external CI which would
> be in the requirements repo when there is a new library added?
>
> Chmouel
Well, the trick seems to grep for text strings that you see in the most
common embedded libraries. Here's an attempt from Jakub Wilk:
https://bitbucket.org/jwilk/lintian4python/src/default/vendors/debian/python/data/python2-embedded-code-copies
This isn't perfect, but it may catch the most common embedded libs.
Thomas
More information about the OpenStack-dev
mailing list