> On Feb 15, 2017, at 11:44 AM, Donald Stufft <don...@stufft.io> wrote: > > >> On Feb 15, 2017, at 1:15 PM, Daniel Holth <dho...@gmail.com >> <mailto:dho...@gmail.com>> wrote: >> >> I also get a little frustrated with this kind of proposal "no pins" which I >> read as "annoy the publisher to try to prevent them from annoying the >> consumer". As a free software publisher I feel entitled to annoy the >> consumer, an activity I will indulge in inversely proportional to my desire >> for users. Who is the star? >> >> It should be possible to publish applications to pypi. Much of the packaging >> we have is completely web application focused, these applications are not >> usually published at all. >> > > > > I haven’t fully followed this thread, and while the recommendation is and > will always be to use the least strict version specifier that will work for > your application, I am pretty heavily -1 on mandating that people do not use > ``==``. I am also fairly heavily -1 on confusing the data model even more by > making two sets of dependencies, one that allows == and one that doesn’t.
I hope I'm not repeating a suggestion that appears up-thread, but, if you want to distribute an application with pinned dependencies, you could always released 'foo-lib' with a lenient set of dependencies, and 'foo-app' which depends on 'foo-lib' but pins the transitive closure of all dependencies with '=='. Your CI system could automatically release a new 'foo-app' every time any dependency has a new release and a build against the last release of 'foo-app' passes. -glyph
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
