[all] Lower-constraints in some projects broken - update your repos

Jeremy Stanley fungi at yuggoth.org
Sat Apr 18 15:13:35 UTC 2020

On 2020-04-18 16:18:24 +0200 (+0200), Radosław Piliszek wrote:
> On Sat, Apr 18, 2020 at 2:56 PM Jeremy Stanley <fungi at yuggoth.org> wrote:
> > In what way is it not enforced? Or put another way, what were you
> > expecting it to enforce which it doesn't?
> Oh, I mean the lockfile part.
> If lower-constraints jobs pass without enforcing each transitive
> dependency, then it's not enforced in this way.

I wouldn't mind digging into a specific example of this. It seems
likely to be one (or more) of:

* an incorrect or incomplete configuration

* a misunderstanding about what is being constrained

* a bug in pip or setuptools

* a broken CI job

The way it's supposed to work is that when pip decides to install a
package (whether directly or as a dependency of something else) it
checks the available versions of that package against the supplied
list of version constraints and errors if there is no available
version of the package which meets those constraints. If that's not
what's happening, then something's clearly wrong.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200418/56869ceb/attachment.sig>

More information about the openstack-discuss mailing list