[all][dev] Beware how fun the new pip can be
radoslaw.piliszek at gmail.com
Wed Jan 13 20:27:59 UTC 2021
On Wed, Jan 13, 2021 at 9:22 PM Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2021-01-13 20:36:06 +0100 (+0100), Radosław Piliszek wrote:
> > As an example, I can give you  where we are experimenting with
> > getting some extracurricular package into our containers, notably
> > fluent-logger. The only dep of fluent-logger is msgpack but the
> > latest msgpack (as in upper constraints: 1.0.2, or any 1.x for
> > that matter) is not compatible. However, the pin was introduced in
> > fluent-logger in its 0.9.5 release (0.9.6 is the latest).
> So just to clarify, your concern is that because you've tried to
> install newer msgpack, pip is selecting an older version of
> fluent-logger which doesn't declare an incompatibility with that
> newer version of msgpack. This seems technically correct. I'm
> willing to bet if you insisted on installing fluent-logger>0.9.5 you
> would get the behavior you're expecting.
> The underlying problem is that the package ecosystem has long based
> dependency versioning choices on side effect behaviors of pip's
> (lack of coherent) dep resolution. From the user side of things, if
> you want to install more than one package explicitly, you need to
> start specifying how new you want those packages to be.
> However surprising it is, pip seems to be working as intended here.
Yes, it does!
See my addendum as well.
I will recap once more that I am not saying pip is doing anything wrong.
Just BEWARE because you are most likely used to a different behaviour,
just like me.
Trying to use two conflicting constraints will make pip ERROR out and
this is great now.
I like new pip for this reason.
But, as you mention, the ecosystem is not prepared.
More information about the openstack-discuss