[all][dev] Beware how fun the new pip can be

Jeremy Stanley fungi at yuggoth.org
Wed Jan 13 20:19:14 UTC 2021

On 2021-01-13 20:36:06 +0100 (+0100), Radosław Piliszek wrote:
> As an example, I can give you [1] where we are experimenting with
> getting some extracurricular package into our containers, notably
> fluent-logger. The only dep of fluent-logger is msgpack but the
> latest msgpack (as in upper constraints: 1.0.2, or any 1.x for
> that matter) is not compatible. However, the pin was introduced in
> fluent-logger in its 0.9.5 release (0.9.6 is the latest).

So just to clarify, your concern is that because you've tried to
install newer msgpack, pip is selecting an older version of
fluent-logger which doesn't declare an incompatibility with that
newer version of msgpack. This seems technically correct. I'm
willing to bet if you insisted on installing fluent-logger>0.9.5 you
would get the behavior you're expecting.

The underlying problem is that the package ecosystem has long based
dependency versioning choices on side effect behaviors of pip's
(lack of coherent) dep resolution. From the user side of things, if
you want to install more than one package explicitly, you need to
start specifying how new you want those packages to be.

However surprising it is, pip seems to be working as intended here.
-- 
Jeremy Stanley
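
Added example, not part of the original message and not pip's code: a toy newest-first backtracking resolver run over constructed metadata that mirrors the fluent-logger/msgpack case in the thread. The index contents, the "<1.0.0" spelling of the pin, and the names `resolve`, `INDEX`, `any_version` and `ResolutionImpossible` (borrowed as a label only) are assumptions made for illustration.

```python
# Toy newest-first backtracking resolver. It is NOT pip's resolver; it only
# reproduces the selection order discussed in the thread.
def v(s):
    return tuple(int(p) for p in s.split("."))

def any_version(x):
    return True

# Constructed index metadata (assumption): version -> {dependency: predicate}.
# The thread only says the msgpack pin first appears in fluent-logger 0.9.5
# and that msgpack 1.x is incompatible; "<1.0.0" is an assumed spelling of it.
INDEX = {
    "fluent-logger": {
        "0.9.4": {"msgpack": any_version},
        "0.9.5": {"msgpack": lambda x: x < v("1.0.0")},
        "0.9.6": {"msgpack": lambda x: x < v("1.0.0")},
    },
    "msgpack": {"0.6.2": {}, "1.0.2": {}},
}

class ResolutionImpossible(Exception):
    pass

def resolve(requested, index=INDEX):
    """requested maps name -> predicate over a version tuple."""
    def solve(todo, chosen, preds):
        if not todo:
            return chosen
        name, rest = todo[0], todo[1:]
        if name in chosen:
            return solve(rest, chosen, preds)
        for ver in sorted(index[name], key=v, reverse=True):  # newest first
            if not all(p(v(ver)) for p in preds.get(name, [])):
                continue
            deps = index[name][ver]
            if any(d in chosen and not p(v(chosen[d])) for d, p in deps.items()):
                continue
            merged = {k: list(ps) for k, ps in preds.items()}
            for d, p in deps.items():
                merged.setdefault(d, []).append(p)
            found = solve(rest + list(deps), {**chosen, name: ver}, merged)
            if found is not None:
                return found  # otherwise backtrack to the next older version
        return None

    result = solve(list(requested), {}, {n: [p] for n, p in requested.items()})
    if result is None:
        raise ResolutionImpossible(sorted(requested))
    return result
```

With this constructed metadata, requesting fluent-logger together with msgpack==1.0.2 resolves to fluent-logger 0.9.4, while adding a fluent-logger>0.9.5 floor raises ResolutionImpossible instead of falling back to the older release.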
