On Feb 15, 2017, at 11:44 AM, Donald Stufft <donald@stufft.io> wrote:


On Feb 15, 2017, at 1:15 PM, Daniel Holth <dholth@gmail.com> wrote:

I also get a little frustrated with this kind of proposal "no pins" which I read as "annoy the publisher to try to prevent them from annoying the consumer". As a free software publisher I feel entitled to annoy the consumer, an activity I will indulge in inversely proportional to my desire for users. Who is the star?

It should be possible to publish applications to PyPI. Much of the packaging we have is completely web application focused; these applications are not usually published at all.



I haven’t fully followed this thread, and while the recommendation is and will always be to use the least strict version specifier that will work for your application, I am pretty heavily -1 on mandating that people do not use ``==``. I am also fairly heavily -1 on confusing the data model even more by making two sets of dependencies, one that allows == and one that doesn’t. 

I hope I'm not repeating a suggestion that appears up-thread, but, if you want to distribute an application with pinned dependencies, you could always release 'foo-lib' with a lenient set of dependencies, and 'foo-app' which depends on 'foo-lib' but pins the transitive closure of all dependencies with '=='. Your CI system could automatically release a new 'foo-app' every time any dependency has a new release and a build against the last release of 'foo-app' passes.

-glyph
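
The 'foo-app' pinning step suggested in the message above, as an added example that is not part of the original thread: it walks the transitive closure of 'foo-lib' and emits '==' pins, then reports which pins differ from the previous 'foo-app' release so CI knows a new release is due. The `RESOLVED` table, its versions, and the function names are constructed for illustration; a real job would take them from the resolver's output and package metadata.

```python
import re

# Constructed sample: resolved version and declared requirements per project,
# standing in for what a resolver plus package metadata would report.
RESOLVED = {
    "foo-lib": ("1.4.0", ["requests>=2.0", "click"]),
    "requests": ("2.13.0", ["idna>=2.0", "urllib3"]),
    "click": ("6.7", []),
    "idna": ("2.2", []),
    "urllib3": ("1.20", []),
    "unrelated": ("0.1", []),  # installed, but not reachable from foo-lib
}

def canonical(name):
    """PEP 503 name normalization, so 'Foo_Lib' and 'foo-lib' match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(requirement):
    """Project name from a requirement string such as 'idna>=2.0'."""
    match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", requirement)
    return canonical(match.group(0))

def pinned_closure(root, resolved):
    """Return sorted 'name==version' pins for root and everything it pulls in."""
    index = {canonical(k): v for k, v in resolved.items()}
    seen, stack = {}, [canonical(root)]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        if name not in index:
            # Refuse to publish a partial pin set: an unpinned dependency
            # would defeat the point of the pinned 'foo-app' release.
            raise KeyError(f"no resolved version for {name!r}")
        version, requires = index[name]
        seen[name] = version
        stack.extend(req_name(r) for r in requires)
    return [f"{n}=={v}" for n, v in sorted(seen.items())]

def pins_changed(previous, current):
    """Pins that differ from the last 'foo-app' release (a rebuild trigger)."""
    return sorted(set(current) - set(previous))
```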