Open Stack

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all,

some plugins depend on modules that are not mentioned in
requirements.txt. Among them, Cisco Nexus (ncclient), Brocade
(ncclient), Embrane (heleosapi)... Some other plugins put their
dependencies in requirements.txt though (like Arista depending on
jsonrpclib).

There are pros and cons in both cases. The obvious issue with not
putting those requirements in the file is that packagers are left
uninformed about those implicit requirements existing, meaning plugins
are shipped to users with broken dependencies. It also means we ship
code that depends on unknown modules grabbed from random places in the
internet instead of relying on what's available on pypi, which is a
bit scary.

With my packager hat on, I would like to suggest to make those
dependencies explicit by filling in requirements.txt. This will make
packaging a bit easier. Of course, runtime dependencies being set
correctly do not mean plugins are working and tested, but at least we
give them chance to be tested and used.

But, maybe there are valid concerns against doing so. In that case, I
would be glad to know how packagers are expected to track those
implicit dependencies.

I would like to ask community to decide what's the right way to handle
those cases.

Cheers,
/Ihar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQEcBAEBCgAGBQJT7Lu2AAoJEC5aWaUY1u57tDkIAOrx1TWVjke8xxsJtz+tizmg
rDgoQyugU8bmaWUFzKi3yVLDFmkOH5iX9RFqj6pgXngydd+cO0Z8CB825uT7kimi
tTwTk2o1Ty4lIG38nwi/U8pn+nmzVApjOqtJmBmtZKBtoY7hRUs+QVTz5V5M1AmA
MQm0eYZXMQ531k4UTdaFxtZ2xPvnCEsFTWi0vosZLPvccVw33vUnQ0SnewQAgb4w
NZ7m302454S2INegqVYlZqQMQXxy6v/BAigyoLXBj8Pl3FsrNU0j3SMtzqSm71ty
GCz0qdWckUdgsDFnLyyNXjUV/G9xZ03pYZ5ID2WiVQl5MYbmkAHlJJkjCYIrv3c=
=tLTZ
-----END PGP SIGNATURE-----