Open Stack

On Wed, Jan 13, 2021 at 9:22 PM Jeremy Stanley <fungi at yuggoth.org> wrote:
>
> On 2021-01-13 20:36:06 +0100 (+0100), Radosław Piliszek wrote:
> [...]
> > As an example, I can give you [1] where we are experimenting with
> > getting some extracurricular package into our containers, notably
> > fluent-logger. The only dep of fluent-logger is msgpack but the
> > latest msgpack (as in upper constraints: 1.0.2, or any 1.x for
> > that matter) is not compatible. However, the pin was introduced in
> > fluent-logger in its 0.9.5 release (0.9.6 is the latest).
> [...]
>
> So just to clarify, your concern is that because you've tried to
> install newer msgpack, pip is selecting an older version of
> fluent-logger which doesn't declare an incompatibility with that
> newer version of msgpack. This seems technically correct. I'm
> willing to bet if you insisted on installing fluent-logger>0.9.5 you
> would get the behavior you're expecting.
>
> The underlying problem is that the package ecosystem has long based
> dependency versioning choices on side effect behaviors of pip's
> (lack of coherent) dep resolution. From the user side of things, if
> you want to install more than one package explicitly, you need to
> start specifying how new you want those packages to be.
>
> However surprising it is, pip seems to be working as intended here.

Yes, it does!

See my addendum as well.

I will recap once more that I am not saying pip is doing anything wrong.
Just BEWARE because you are most likely used to a different behaviour,
just like me.

Trying to use two conflicting constraints will make pip ERROR out and
this is great now.
I like new pip for this reason.
But, as you mention, the ecosystem is not prepared.

-yoctozepto