On Wed, Jan 13, 2021 at 9:22 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2021-01-13 20:36:06 +0100 (+0100), Radosław Piliszek wrote: [...]
As an example, I can give you [1] where we are experimenting with getting some extracurricular package into our containers, notably fluent-logger. The only dep of fluent-logger is msgpack but the latest msgpack (as in upper constraints: 1.0.2, or any 1.x for that matter) is not compatible. However, the pin was introduced in fluent-logger in its 0.9.5 release (0.9.6 is the latest). [...]
So just to clarify, your concern is that because you've tried to install newer msgpack, pip is selecting an older version of fluent-logger which doesn't declare an incompatibility with that newer version of msgpack. This seems technically correct. I'm willing to bet if you insisted on installing fluent-logger>0.9.5 you would get the behavior you're expecting.
The underlying problem is that the package ecosystem has long based dependency versioning choices on side effect behaviors of pip's (lack of coherent) dep resolution. From the user side of things, if you want to install more than one package explicitly, you need to start specifying how new you want those packages to be.
However surprising it is, pip seems to be working as intended here.
Yes, it does! See my addendum as well. I will recap once more that I am not saying pip is doing anything wrong. Just BEWARE because you are most likely used to a different behaviour, just like me. Trying to use two conflicting constraints will make pip ERROR out and this is great now. I like new pip for this reason. But, as you mention, the ecosystem is not prepared. -yoctozepto