Opened 6 years ago

Closed 4 months ago

#903 closed enhancement (no-action-required)

Pin dependency versions

Reported by: warp
Owned by:
Priority: major
Milestone:
Component: programming
Keywords:
Cc: berkerpeksag
Parent Tickets:

Description

As discussed in the meeting today (2014-06-07), dependency versions should be pinned.

For all dependencies which adhere to http://semver.org/ only the MAJOR and MINOR version should be pinned, never the PATCH version. If a particular release of mediagoblin is known to work with a wider range of versions, pinning to a wide range is better.

Versions should be pinned in requirements.txt, which is convenient for users deploying using pip and virtualenv. Leave the versions in setup.py unpinned (except for minimum versions where necessary).

Verify requirements.txt for each release, and update it if necessary.
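A small linter for the policy described above, reading it as: every line in requirements.txt should carry an upper bound, and none should freeze the PATCH level. This is an added example, not MediaGoblin code; the `pkg-*` names and the verdict labels are assumptions, and only plain `name<specifiers>` lines are understood.

```python
import re

# Constructed sample. The celery and PasteDeploy lines are the two specifiers
# quoted in comment:5; the pkg-* names are placeholders.
SAMPLE = """\
celery>=3.0,<4.3.0
PasteDeploy<=2.1.999
pkg-a==1.4.2      # exact pin, blocks patch releases
pkg-b==1.4.*      # MAJOR.MINOR pinned, PATCH free
pkg-c~=2.3.0      # same range as ==2.3.*, with a floor
pkg-d>=1.0
pkg-e
"""

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
SPEC = re.compile(r"^(~=|===|==|!=|<=|>=|<|>)\s*(\S+)$")


def classify(specs):
    """Verdict for one requirement, given its (operator, version) pairs."""
    for op, ver in specs:
        if op == "===" or (op == "==" and not ver.endswith(".*")):
            return "exact-pin"      # also freezes PATCH, which the ticket rules out
    if any(op in ("<", "<=", "~=", "==") for op, _ in specs):
        return "ok"                 # some upper bound exists
    return "unbounded"              # a future release could be pulled in


def audit(text):
    """Map each requirement name to 'ok', 'exact-pin', 'unbounded' or 'unparsed'."""
    results = {}
    for raw in text.splitlines():
        # Drop comments, then environment markers after ';'.
        line = re.sub(r"(^|\s)#.*$", "", raw).split(";", 1)[0].strip()
        if not line or line.startswith("-"):    # blank line or pip option
            continue
        m = REQ.match(line)
        parts = [p.strip() for p in m.group(2).split(",") if p.strip()] if m else []
        specs = [SPEC.match(p) for p in parts]
        if not m or None in specs:
            results[line] = "unparsed"          # URLs, paths, anything unusual
            continue
        results[m.group(1)] = classify([s.groups() for s in specs])
    return results


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:12} {verdict}")
```

Run against the release's requirements.txt, anything reported as `unbounded` or `exact-pin` is a line to review before tagging.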

Change History (5)

comment:1 Changed 6 years ago by warp

Owner: changed from paroneayea to Christopher Allan Webber
Status: changed from new to in_progress

comment:2 Changed 6 years ago by berkerpeksag

Cc: berkerpeksag added

comment:3 Changed 6 years ago by Christopher Allan Webber

Milestone: changed from 0.7.0 to 0.8.0

We aren't going to get this in on time... moving to 0.8.0.

comment:4 Changed 6 years ago by Jessica Tallon

Milestone: 0.8.0

comment:5 Changed 4 months ago by Ben Sturmfels

Owner: Christopher Allan Webber deleted
Resolution: noaction
Status: changed from in_progress to closed

The approach I took in the 0.10.0 release was to loosely pin any dependencies only if they were causing errors (e.g. celery>=3.0,<4.3.0).

Because new versions of packages are dropping Python 2 support all over the place, we also temporarily pinned an upper limit on Python 2 dependencies for this final Python 2 release (e.g. PasteDeploy<=2.1.999). See #5595.

I think we're doing enough here for now, so I'm closing this ticket, but I'd be interested in your feedback.

I think the real game-changer will be continuous integration testing of the installation process and test suite in #5574. With this, we can explicitly test a set of operating systems and versions. This allows us to pin with maximum flexibility, but find out as soon as that approach breaks.
