[openstack-dev] Dependency version pinning [was Re: Pyparsing 2.0 breaking jenkins jobs]

Sean Dague sdague at linux.vnet.ibm.com
Wed Feb 27 15:36:52 UTC 2013


On 02/27/2013 05:54 AM, Daniel P. Berrange wrote:
>>
>> You know, pinning should only ever be a short-term solution. At some
>> point, distributions are going to have the newer version of any given
>> package and we need to be able to work with that.
>>
>> Really, any time we pin to a specific dependency version we should also
>> file a bug to track the work needed to unpin it again.
>
> And the tools/pip-requires file should have a comment linking to that
> bug, or otherwise clearly explaining why the version pin was required,
> so that we don't have to go hunting for the reason.
>
>
> Daniel
>

This is a situation that's going to get worse before it gets better. 
With Python 3 being incompatible, and PyPI packages now starting to 
release that don't support Python 2, and pip apparently not caring about 
Python version compatibility, this is going to just end up ugly if we 
leave things open.

That gate was broken for 4 hours yesterday because of a Django release 
(broke all of stable as well), spent a lot of time chasing that.

The gate has been broken for 4 hours already today because of a 
pyparsing release.

If no one wants the gate to work before noon EST any more we can leave 
things unpinned. With PyCon in 2 weeks I'm sure these are not the only 2 
breaks we're going to see on this.

I agree we need some way of figuring out that it's safe to move forward, 
but the current model means we can lose 1/2 day of merging because of 
something we don't control at all.

	-Sean

-- 
Sean Dague
IBM Linux Technology Center
email: sdague at linux.vnet.ibm.com
alt-email: sldague at us.ibm.com
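
An added example, not part of the original thread or of any OpenStack tooling: one way to enforce the suggestion quoted above, that every version pin in tools/pip-requires carries a comment explaining it or linking to the bug that tracks unpinning. The function name, the sample file contents, the version numbers and the bug URL are all constructed for illustration.

```python
import re

# Specifiers that freeze or cap a version. ">=" and ">" are lower bounds,
# which do not stop a new upstream release from being picked up.
PIN_RE = re.compile(r"(?:==|<=|<)\s*[^,;\s]+")

# Constructed sample of a pip requirements file (not from the thread).
SAMPLE = """\
# pyparsing 2.0 breaks the gate; unpin tracked in https://bugs.example.org/0000
pyparsing<2.0
Django>=1.4,<1.5
eventlet>=0.9.17
lxml==2.3  # constructed reason: newer releases fail to build here
-e git+https://example.org/repo.git#egg=thing
"""


def unexplained_pins(text):
    """Return (line_no, package, pins) for each pin that has no comment.

    A pin is explained if it has an inline comment, or if the line(s)
    directly above it (no blank line in between) are comments.
    """
    findings = []
    comment_above = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            comment_above = True
            continue
        if not line or line.startswith("-"):  # blank line or pip option
            comment_above = False
            continue
        # pip treats "#" as a comment only when preceded by whitespace.
        parts = re.split(r"\s+#", line, maxsplit=1)
        spec, has_inline = parts[0], len(parts) == 2
        name = re.match(r"[A-Za-z0-9._-]+", spec)
        pins = PIN_RE.findall(spec)
        if name and pins and not (comment_above or has_inline):
            findings.append((line_no, name.group(0), ",".join(pins)))
        comment_above = False
    return findings


if __name__ == "__main__":
    for line_no, package, pins in unexplained_pins(SAMPLE):
        print("line %d: %s pinned (%s) with no explanation" % (line_no, package, pins))
```

Run as a pre-merge check, a non-empty result would fail the change until the pin gets its comment.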



