> On Feb 15, 2017, at 1:15 PM, Daniel Holth <dho...@gmail.com> wrote:
> 
> I also get a little frustrated with this kind of proposal "no pins" which I 
> read as "annoy the publisher to try to prevent them from annoying the 
> consumer". As a free software publisher I feel entitled to annoy the 
> consumer, an activity I will indulge in inversely proportional to my desire 
> for users. Who is the star?
> 
> It should be possible to publish applications to pypi. Much of the packaging 
> we have is completely web application focused, these applications are not 
> usually published at all.
> 



I haven’t fully followed this thread, and while the recommendation is and will 
always be to use the least strict version specifier that will work for your 
application, I am pretty heavily -1 on mandating that people do not use ``==``. 
I am also fairly heavily -1 on confusing the data model even more by making two 
sets of dependencies, one that allows == and one that doesn’t. I don’t think 
that overly restrictive pins are that common of a problem (if anything, we’re 
more likely to have too loose of pins, due to the always-upgrade nature of pip 
and the difficulty of exhaustively testing every possible version combination).

In cases where this actively harms the end user (effectively when there is a 
security issue or a conflict) we can tell the user about it (theoretically, not 
in practice yet) but beyond that, this is best handled by opening individual 
issues up on each individual repository, just like any other packaging issue 
with that project.

—
Donald Stufft



_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
