Date: Wed, 13 Jul 2016 09:17:32 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 211073] devel/awscli: update to 1.10.46, devel/py-botocore: update to 1.4.36 Message-ID: <bug-211073-21822-U9i4OKmL0x@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-211073-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-211073-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211073 Kubilay Kocak <koobs@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|patch-ready |needs-qa CC| |python@FreeBSD.org Status|New |Open --- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> --- TL:DR The dependency specs need to be changed to to ">=3D" in setup.py Python upstreams often (blindly) pin their dependencies in their released packages, usually to help avoid users inadvertently installing (with pip) *potentially* incompatible versions. Other projects sometimes use >=3DX.Y,<Z.0, which is a little better, but as= sumes API's are not broken within minor versions (which does happen). Most Python projects understand that release packages and package/applicati= on deployment, where one wants to pin all dependencies by default, are two separate things, and use >=3D for their released (to PyPI) packages. These projects end up ahead of the curve, as they invariably end up knowing (if they're using CI) before releasing that a dependency of theirs breaks API, minimising the failure window for users. These exact version dependencies are untenable within ports, as multiple concurrent versions of Python ports/packages are not available for users to install, only the latest version. With the current =3D=3D lines, devel/awsc= li will fail if botocore is ever updated. Whether or not they're currently maintain= ed by the same person or always updated together is immaterial. It's very unlikely that there is always an *exact* and *only* dependence on= a specific version of botocore. If there is, awscli should vendor the code. For the project in question, its probably better for them to unpin those dependencies for development and release purposes, so that they can test (C= I) their code against the latest version of them at all times. I'd suggest opening an issue upstream and asking them to use >=3D (or at le= ast >=3D, < X.0) as their default. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211073-21822-U9i4OKmL0x>