Date:      Wed, 13 Jul 2016 09:17:32 +0000
From:      bugzilla-noreply@freebsd.org
To:        python@FreeBSD.org
Subject:   [Bug 211073] devel/awscli: update to 1.10.46, devel/py-botocore: update to 1.4.36
Message-ID:  <bug-211073-21822-U9i4OKmL0x@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211073-21822@https.bugs.freebsd.org/bugzilla/>
References:  <bug-211073-21822@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211073

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|patch-ready                 |needs-qa
                 CC|                            |python@FreeBSD.org
             Status|New                         |Open

--- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> ---
TL:DR The dependency specs need to be changed to ">=" in setup.py

Python upstreams often (blindly) pin their dependencies in their released
packages, usually to help avoid users inadvertently installing (with pip)
*potentially* incompatible versions.

Other projects sometimes use >=X.Y,<Z.0, which is a little better, but assumes
APIs are not broken within minor versions (which does happen).

Most Python projects understand that release packages and package/application
deployment, where one wants to pin all dependencies by default, are two
separate things, and use >= for their released (to PyPI) packages. These
projects end up ahead of the curve, as they invariably end up knowing (if
they're using CI) before releasing that a dependency of theirs breaks API,
minimising the failure window for users.

These exact version dependencies are untenable within ports, as multiple
concurrent versions of Python ports/packages are not available for users to
install, only the latest version. With the current == lines, devel/awscli will
fail if botocore is ever updated. Whether or not they're currently maintained
by the same person or always updated together is immaterial.

It's very unlikely that there is always an *exact* and *only* dependence on a
specific version of botocore. If there is, awscli should vendor the code.

For the project in question, it's probably better for them to unpin those
dependencies for development and release purposes, so that they can test (CI)
their code against the latest version of them at all times.

I'd suggest opening an issue upstream and asking them to use >= (or at least
>=, < X.0) as their default.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
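
The three specifier styles compared in the comment above, checked against a ports tree that only carries the latest botocore. This is an added example, not part of the original message and not awscli's or the ports framework's code; the helper names, the requirement strings and the "updated" versions 1.4.37 and 2.0.0 are constructed, and only plain numeric versions are handled.

```python
import re

CLAUSE = re.compile(r"(==|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)$")
COMPARE = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def release(text, width=4):
    """'1.4.36' -> (1, 4, 36, 0); zero-padded so that 2.0 compares equal to 2.0.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def split_requirement(req):
    """'botocore>=1.4.36,<2.0' -> ('botocore', [('>=', '1.4.36'), ('<', '2.0')])."""
    name, rest = re.match(r"\s*([A-Za-z0-9_.-]+)\s*(.*)$", req).groups()
    clauses = []
    for clause in filter(None, (c.strip() for c in rest.split(","))):
        found = CLAUSE.match(clause)
        if found is None:
            raise ValueError("unsupported specifier: %r" % clause)
        clauses.append(found.groups())
    return name, clauses

def satisfied(req, tree):
    """True if the single version the tree offers meets every clause of req."""
    name, clauses = split_requirement(req)
    have = release(tree[name])
    return all(COMPARE[op](have, release(want)) for op, want in clauses)

def broken_by(install_requires, tree):
    """Requirement strings that the versions in `tree` no longer satisfy."""
    return [req for req in install_requires if not satisfied(req, tree)]

# Constructed install_requires lists, one per style discussed in the comment.
EXACT = ["botocore==1.4.36"]
RANGED = ["botocore>=1.4.36,<2.0"]
FLOOR = ["botocore>=1.4.36"]

# Constructed tree states: the port as submitted, then two later updates.
AS_SUBMITTED = {"botocore": "1.4.36"}
PATCH_BUMP = {"botocore": "1.4.37"}
MAJOR_BUMP = {"botocore": "2.0.0"}

if __name__ == "__main__":
    for label, reqs in (("exact", EXACT), ("ranged", RANGED), ("floor", FLOOR)):
        for tree in (AS_SUBMITTED, PATCH_BUMP, MAJOR_BUMP):
            print(label, tree["botocore"], "broken:", broken_by(reqs, tree))
```

The exact pin stops being satisfiable on the first botocore update, the bounded range only at the next major version, and the bare floor never, which leaves real API breaks to be caught by testing rather than by the specifier.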