On 2017-02-17 09:56:04 +0100 (+0100), Nick Coghlan wrote:
[...]
> So if we rely on a manual "publish with pinned dependencies", "get bug
> report from redistributor or app developer", "republish with unpinned
> dependencies", we'll be in a situation where:
>
> - the affected app developer or

On 17 February 2017 at 08:56, Nick Coghlan wrote:
> - we retain full control over the tone of the error notification

I tried to formulate a long response to this email, and got completely
bogged down. So I'm going to give a brief[1] response for now and duck
out until the

On Fri, Feb 17, 2017 at 12:56 AM, Nick Coghlan wrote:
> By contrast, if we design the metadata format such that *PyPI* can provide a
> suitable error message, then:

But all these benefits you're describing also work if you
s/PyPI/setuptools/, no? And that doesn't require any

On 15 Feb 2017 23:28, "Paul Moore" wrote:
So, in summary,
* I agree that libraries pinning dependencies too tightly is bad.
* Distributions can easily enough report such pins upstream when the
library is initially packaged, so there's no ongoing cost here (just
possibly a