[openstack-dev] Taskflow for Juno RC1 effectively require Kombu 3.x
Jeremy Stanley
fungi at yuggoth.org
Wed Oct 1 16:38:54 UTC 2014
On 2014-10-01 16:04:37 -0007 (-0007), Joshua Harlow wrote:
> Thanks for finding this one (it'd be nice for some gate job to run
> in 'strict' requirements mode which tests the lower bounds of the
> requirements repo somehow, since with things like kombu>=2.5.0
> this will always pull in the newest and everything will look fine,
> it'd be neat if somehow we could turn all '>=' to '==' in one gate
> job somehow)...
This has been suggested before, and can be implemented in the
magical land of fairies and elves where pip has an actual dependency
solver... ;)
Snarkiness aside, pip just installs what you ask it to install, in
sequence. Transitive dependencies which conflict with your
dependencies don't cause an installation failure, they just override
you. So you can force things from >= to == all you like, but in
many, many cases it won't prevent you from winding up with newer
versions of libraries than you asked for.
One alternative would be to hack an --always-lowest option into a
new version of pip, which would cause it to always choose the lowest
match for any declared range rather than the highest. Though I
expect this would break horribly as we've no doubt got unversioned
transitive dependencies (so not under our control, unlike direct
dependencies) where the earliest releases were unusable.
--
Jeremy Stanley
More information about the OpenStack-dev
mailing list