<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Sep 17, 2014 at 3:53 PM, Robert Collins <span dir="ltr"><<a href="mailto:robertc@robertcollins.net" target="_blank">robertc@robertcollins.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 18 September 2014 08:01, Dean Troyer <<a href="mailto:dtroyer@gmail.com">dtroyer@gmail.com</a>> wrote:<br>
> Interestingly enough, the distros are doing exactly what they don't want us<br>
> to do, ie, rebuilding things to use 'their' tested version of dependencies<br>
> rather than the included one...<br>
<br>
</span>Indeed - but the distros are solving for two specific issues:<br></blockquote><div><br></div><div>No argument, just observing the recursive nature of this...</div><div><br></div><div>Also, if we pin to a version, is the downstream consequence different? IIRC Thomas has had to do this with Django (1.7?) and Horizon, probably with others too.</div><div><br></div><div>As a provider of an app package directly to users, dealing with the front-line consequences of changing dependencies falls on me. And its one reason with this hat on I want static linking, or a Python equivalent of it (bundling/vendoring) at the app level.</div><div><br></div><div><div>As an upstream to a distro, I'm happy to let them deal with all of that. Isn't it fun being in the middle?</div></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">OOI were thouse changes API breaks or were we depending on nonpublic aspects?<br></blockquote><div><br></div><div>prettytable was packaging once and I don't recall the other. requests, aside from the recent 2.4.0 release, was the 1.0.0 release when we weren't expecting it and nothing was pinned <1.0.0. I think that was an API change that bit us. The 1.0.0 version was clear, but not having the control over the timing of the change is what makes me understand Kenneth's position on urllib3 and why those who bundle requests do that too...</div></div><div><br></div><div>Is my Go-ness showing yet?</div><div><br></div><div>dt</div><div><br></div>-- <br><br>Dean Troyer<br><a href="mailto:dtroyer@gmail.com">dtroyer@gmail.com</a><br>
</div></div>