On 2019-03-05 11:31:16 -0700 (-0700), Boden Russell wrote: [...]
The question is; do we want these devstack jobs using their dependencies from git source, or should they be using tagged branches/releases of them instead?? [...]
The primary risk with developing only against unreleased source of your dependencies, when your users expect to deploy your releases with released dependencies, is that you can end up accidentally releasing something which only works with unreleased and potentially unsupported states of its dependencies. You do still need some means of confirming your releases can work when used strictly with released versions of its dependencies, so as to prevent this. Testing against released dependencies instead side-steps this problem, but at the loss of easy testing against upcoming dependency versions. -- Jeremy Stanley