+1 to pin Y releases On Tue, Jul 30, 2019 at 8:41 AM Tatiana Tereshchenko <ttere...@redhat.com> wrote:
> +1 to pin dependencies and use dependabot > > If we were to pin to Z releases, then we'd need to release pulp 3 package > with any Z release of any dependency we pin. > And in case of any [security] fix in any dependency, users would need to > wait for us to release pulp with updated dependency version. > > If my logic above is correct, I'm +1 to pin to Y releases. I think most > (if not all) breaking changes we observed were in the Y releases. > > Tanya > > > > On Fri, Jul 26, 2019 at 7:40 PM Brian Bouterse <bbout...@redhat.com> > wrote: > >> +1. This brings increased stability to Pulp users, and keeps Pulp forward >> compatible with all dependency releases. It's the best of both worlds and >> automated! >> >> On Fri, Jul 26, 2019 at 12:33 PM Dennis Kliban <dkli...@redhat.com> >> wrote: >> >>> +1 >>> >>> I really like that there is automation to help us update the deps. If >>> the PR from dependabot passes CI, we can just merge. Otherwise we will file >>> an issue. >>> >>> On Fri, Jul 26, 2019 at 11:38 AM David Davis <davidda...@redhat.com> >>> wrote: >>> >>>> Recently, Pulp 3 package installs were broken by a new version of DRF >>>> which necessitated a new release of pulpcore (RC4)[0]. Our releases are >>>> fragile and unstable because they don't pin versions of dependencies. >>>> >>>> I was thinking of a new strategy whereby we pin pulpcore's dependencies >>>> to specific versions (either y or z releases) and we use something like >>>> dependabot[1] to notify us of new updates for pulpcore dependencies. It >>>> looks like it'll open new PRs when it detects a dependency is out of date. >>>> >>>> The one downside I do see is that dependabot PRs could be ignored. >>>> However, I think the stability of our releases outweighs this potential >>>> risk especially as we get closer to GA. >>>> >>>> Thoughts? >>>> >>>> [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html >>>> [1] https://dependabot.com/ >>>> >>>> David >>>> _______________________________________________ >>>> Pulp-dev mailing list >>>> Pulp-dev@redhat.com >>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>> >>> _______________________________________________ >>> Pulp-dev mailing list >>> Pulp-dev@redhat.com >>> https://www.redhat.com/mailman/listinfo/pulp-dev >>> >> _______________________________________________ >> Pulp-dev mailing list >> Pulp-dev@redhat.com >> https://www.redhat.com/mailman/listinfo/pulp-dev >> > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev