Open Stack

Thomas Goirand wrote:
> So I'm wondering: are we being careful enough when selecting
> dependencies? In this case, I think we haven't, and I would recommend
> against using wrapt. Not only because it embeds six.py, but because
> upstream looks uncooperative, and bound to its own use cases.

Proposed new dependencies all appear as proposed changes in the
requirements repository. We welcome and encourage distribution packagers
to participate in reviews there, to make sure the "packaging pain" is
taken into account in the approval process. And if something gets
accepted too fast for you to review and object to it, then raising a
thread on -dev like this is entirely appropriate.

> In a more general case, I would vouch for avoiding *any* Python package
> which is embedding a copy of another one. This should IMO be solved
> before the Python module reaches our global-requirements.txt.

That sounds like a good item in our requirements review checklist. At
the design summit we talked about including requirements rules and
review tips as a living document within the requirements repo itself.
That rule would definitely fit in there.

Cheers,

-- 
Thierry Carrez (ttx)