[Distutils] Library instability on PyPI and impact on OpenStack

Mark McLoughlin markmc at redhat.com
Sun Mar 3 17:07:41 CET 2013


Hey

On Thu, 2013-02-28 at 10:46 -0500, Daniel Holth wrote:

> Briefly in PEP 426 we are likely to copy the Ruby behavior as the
> default (without using the ~> operator itself) which is to depend on
> "the remainder of a particular release series". In Ruby gems ~> 4.2.3
> means >= 4.2.3, < 4.3.0 and the version numbers are expected to say
> something about backwards compatibility.

Thanks!

Couple of questions on that in my other mail:

  1) This doesn't seem to jibe with semantic versioning where you want
     to say "1.2.3 or any later compatible version" rather than "1.2.3
     or any later version in the 1.2 series"

  2) How do you do this in requires.txt type files without the operator?

> On PyPI the version numbers don't necessarily mean anything but I hope
> that will change.

Ok, and catalog-sig is the place to follow progress there?

> I consider it good form for a setup.py to declare as loose
> dependencies as possible (no version qualifier or a >= version
> qualifier) and for an application to provide a requires.txt or a
> buildout that has stricter requirements.

Interesting!

I feel like I'm missing some context on the latter part - mostly because
I hadn't come across buildout, so more reading for me! - but if the idea
is that a buildout/requires.txt specifies the versions that a developer
should use when working on the project ... how do you avoid a situation
where developers are happily working on one stack of libraries and the
app either no longer works with the minimum versions specified in
setup.py or the latest versions published upstream?

Thanks,
Mark.
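
The two readings contrasted in this message (Ruby's "remainder of the release series" and semantic versioning's "any later compatible version"), as an added example that is not part of the original post or of PEP 426. The helper names and the package name `examplelib` are hypothetical, and only plain dotted-integer versions are handled.

```python
# Added illustration: helper names are hypothetical, not from PEP 426 or RubyGems.

def parse(version):
    """'4.2.3' -> (4, 2, 3). Handles plain dotted integers only."""
    return tuple(int(part) for part in version.split("."))

def _pad(v, width):
    return v + (0,) * (width - len(v))

def series_bounds(base):
    """Ruby '~> base': same release series, i.e. bump the second-to-last part."""
    v = parse(base)
    if len(v) < 2:
        raise ValueError("a release series needs at least two components")
    upper = v[:-2] + (v[-2] + 1, 0)
    return v, upper

def semver_bounds(base):
    """Semantic versioning: compatible until the next major version."""
    v = parse(base)
    if v[0] == 0:
        raise ValueError("semver promises no compatibility within 0.y.z")
    return v, (v[0] + 1,) + (0,) * (len(v) - 1)

def allowed(candidate, bounds):
    """True when lower <= candidate < upper, comparing zero-padded tuples."""
    lower, upper = bounds
    c = parse(candidate)
    width = max(len(c), len(lower), len(upper))
    return _pad(lower, width) <= _pad(c, width) < _pad(upper, width)

def as_requirement(name, bounds):
    """Spell the range with plain comparison operators for a requirements file."""
    lower, upper = bounds
    dotted = lambda t: ".".join(map(str, t))
    return f"{name}>={dotted(lower)},<{dotted(upper)}"

def compare(base, candidates):
    """Return {candidate: (in_series, in_semver)} for each candidate version."""
    s, m = series_bounds(base), semver_bounds(base)
    return {c: (allowed(c, s), allowed(c, m)) for c in candidates}

if __name__ == "__main__":
    # Constructed sample versions of a hypothetical package "examplelib".
    for version, verdict in compare("1.2.3", ["1.2.2", "1.2.9", "1.3.0", "2.0.0"]).items():
        print(version, verdict)
    print(as_requirement("examplelib", series_bounds("1.2.3")))
```

The two readings diverge at 1.3.0: the release-series range rejects it while the semantic-versioning range accepts it. `as_requirement` shows the same range written with only `>=` and `<`, the form a requirements file can carry without a dedicated operator.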


