Lower-constraints should test that the minimal requirements work together. The way we use the install-command in tox.ini, pip often ignores the constraints and install a newer package then requested. First Example: cloudkitty (see [1], [2] ,[3] , [4]) The repo has: install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages} and in lower-constraints.txt: "python-keystoneclient==1.9.0" And this runs the test with "keystoneclient==4.0.0" [1] Removing the install_command [3] or moving constraints from install_command into deps [2] gives "ERROR: Could not find a version that satisfies the requirement python-keystoneclient==1.9.0" So, this works as expected - but means this repo never tested what it expected to test. Second example: kolla-cli [5] Removing the install_command with constraints, suddenly lower-constraints fails with: "Could not find a version that satisfies the requirement mypy==0.6" Same problem as with cloudkitty. I fear that every repo that has constraints in its install_command has broken lower-constraints file. Just remove it and see that nothing works anymore ;/ Therefore, I suggest for repos to remove install_command - the default is just fine in newer tox (3.x) - and fix their lower-constraints.txt to really test that the specified package versions work together. Information about lower-constraints.txt is at [6], Andreas References: [1] https://review.opendev.org/720767 [2] https://review.opendev.org/720768 [3] https://review.opendev.org/720770 [4] https://review.opendev.org/720775 [5] https://review.opendev.org/#/c/720754/3 [6] https://docs.openstack.org/project-team-guide/dependency-management.html -- Andreas Jaeger aj@suse.com Twitter: jaegerandi SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D 90409 Nürnberg (HRB 36809, AG Nürnberg) GF: Felix Imendörffer GPG fingerprint = EF18 1673 38C4 A372 86B1 E699 5294 24A3 FF91 2ACB