[openstack-dev] Please do *NOT* use "vendorized" versions of anything (here: glanceclient using requests.packages.urllib3)

Dean Troyer dtroyer at gmail.com
Wed Sep 17 21:22:22 UTC 2014


On Wed, Sep 17, 2014 at 3:53 PM, Robert Collins <robertc at robertcollins.net>
wrote:

> On 18 September 2014 08:01, Dean Troyer <dtroyer at gmail.com> wrote:
> > Interestingly enough, the distros are doing exactly what they don't want us
> > to do, ie, rebuilding things to use 'their' tested version of dependencies
> > rather than the included one...
>
> Indeed - but the distros are solving for two specific issues:
>

No argument, just observing the recursive nature of this...

Also, if we pin to a version, is the downstream consequence different?
IIRC Thomas has had to do this with Django (1.7?) and Horizon, probably
with others too.

As a provider of an app package directly to users, dealing with the
front-line consequences of changing dependencies falls on me.  And it's one
reason with this hat on I want static linking, or a Python equivalent of it
(bundling/vendoring) at the app level.

As an upstream to a distro, I'm happy to let them deal with all of that.
Isn't it fun being in the middle?

> OOI were those changes API breaks or were we depending on nonpublic
> aspects?
>

prettytable was packaging once and I don't recall the other.  requests,
aside from the recent 2.4.0 release, was the 1.0.0 release when we weren't
expecting it and nothing was pinned <1.0.0.  I think that was an API change
that bit us.  The 1.0.0 version was clear, but not having the control over
the timing of the change is what makes me understand Kenneth's position on
urllib3 and why those who bundle requests do that too...

Is my Go-ness showing yet?

dt

-- 

Dean Troyer
dtroyer at gmail.com