Stefano Rivera <stefa...@debian.org> writes: > Hi Simon (2025.09.19_13:10:16_+0000) >>Does anyone have thoughts on why some python packages use << versioning >>on build dependencies even when there are no such versions released? > > You sometimes see this. It's over-protective IMHO. > > We don't always do this. Packages need to declare PEP386 (in practice > PEP440) compliance for dh_python3 to do this. Or you have to pass > --accept-upstream-versions. > That's probably worth re-visiting, because everything is PEP440 > compliant, these days. > >>If this a python cultural upstream thing, is this something that should >>be mirrored in Debian's Depends: versioning? > > It's problematic for us to not mirror it, because then you can have > packages installed that don't have their dependencies met. pip doesn't > like that. pkg_resources (IIRC) used to also get quite up set about > it.
Thanks - this was the wisdom and context I was missing! I can't claim to fully grasp it, but now I know there is a python-specific reason to not remove << in debian/control for Depends: or Build-Depends: on upstream packages without those releases. > So, typically patching the upstream dependencies is appropriate in > these situations. Or, as it happened for yubikey-manager, sync the debian/control << versioning with upstream's << versioning, which got out of sync over time. It would be nice with a linter tool to catch this. /Simon
signature.asc
Description: PGP signature
