[openstack-dev] [packaging] liberty doesn't have caps on deps

Thierry Carrez thierry at openstack.org
Fri Oct 16 08:23:59 UTC 2015

Robert Collins wrote:
> [...]
> BUT: we haven't (ever!) tested that the lowest versions we specify
> work. When folk know they are adding a hard dependency on a version we
> do raise the lower versions, but thats adhoc and best effort today.
> I'd like to see a lower-constraints.txt reflecting the oldest version
> that works across all of OpenStack (as a good boundary case to test) -
> but we need to fix pip first to teach it to choose lower versions over
> higher versions (https://github.com/pypa/pip/issues/3188 - I thought
> I'd filed it previously but couldn't find it...)
> More generally, we don't [yet] have the testing setup to test multiple
> versions on an ongoing basis, so we can't actually make any statement
> other than 'upper-constraints.txt is known to work'. Note: before
> constraints we couldn't even make *that* statement. The statement we
> could make then was 'if you look up the change in gerrit and from that
> the CI dvsm test run which got through the gate, then you can
> figureout *a* version of the dependencies that worked.

And that is the critical bit. The system we had in kilo and before may
appear to be more practical to interpret downstream, but the assertions
it was making were mostly untested. So the capping was a convenient
illusion: things beyond the cap may be working, and things below the cap
could actually be broken. At least the upper-constraints expresses
clearly the combination that works and was tested. Combined with the
uncapped requirements (which express what *should* be working, to the
best of our knowledge), they make a more accurate, albeit admittedly
more complex, set of information for downstream packagers.

Thierry Carrez (ttx)

More information about the OpenStack-dev mailing list