On 2021-01-07 17:55:44 +0100 (+0100), Radosław Piliszek wrote: [...]
This is also why we can't really have a smart-enough solver trying to minimize dep versions as some have no bounds on either side. What would the verdict then be? If it was to install the oldest version ever, I bet it would fail most of the time.
Yes, I expect that too would require some manual tweaking to find appropriate versions to override with, however that wouldn't need to be redone nearly as often as what you end up with when you're fighting tools which always want to install the most recent available version.
For me, lower constraints are well too complicated to really get right, and, moreover, checking only unit tests with them is likely not useful enough to warrant that they result in working deployments. [...]
This I agree with. I think lower bounds checking is theoretically possible with appropriate tools (which don't currently exist), but would still involve filling in yourself for the authors of less rigorously maintained projects in your transitive dependency set. More generally, basically nothing in the Python packaging ecosystem is designed with the idea of supporting a solution to this, and there's very little to encourage a project to even list much less keep up minimum versions of dependencies, except in order to force an upgrade. -- Jeremy Stanley