On 10/17/18, 12:24 AM, "William Pursell" <willi...@wepay.com.INVALID> wrote:
I'm jumping in a bit late here, and perhaps have missed some of the discussion, but I haven't seen any mention of the fact that pinning versions in setup.py isn't going to solve the problem. Perhaps it's my lack of experience with pip, but currently pip doesn't provide any guarantee that the version of a dependency specified in setup.py will be the version that winds up being installed. Is this a known issue that is being intentionally ignored because it's hard (and out of scope) to solve? I agree that versions should be pinned in setup.py for stable releases, but I think we need to be aware that this won't solve the problem.

So the problem is going to be stubborn for the rare user not installing into a clean venv, VM, or docker image, or who is not relying on PyPI to host the dependencies unmodified.

https://pip.pypa.io/en/stable/user_guide/#pinned-version-numbers

That doesn't mean it doesn't fix it for the vast majority of users who are trying to install a particular supported stable release. Given that 1.10.0 is the absolute very latest release, it should be supported. Shouldn’t there be an expectation that installing on a clean system from a supported stable branch will create a stable installation that can run the release?
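
The gap discussed in this message, between what is pinned and what actually ends up installed, can be checked after the fact. The following is an added example, not part of the original message or of any project's code: it compares `name==version` pins against the distributions present in the running environment. The sample pins are constructed and the function names are hypothetical.

```python
import re
from importlib import metadata

# Constructed sample pins (not taken from any real project's setup.py).
SAMPLE_PINS = ["flask==1.0.2", "Jinja2==2.10", "requests==2.19.1"]

_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def canonical(name):
    """PEP 503 name normalisation, so 'Jinja2' and 'jinja2' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(lines):
    """Return {canonical_name: version} for exact '==' pins; skip other lines."""
    pins = {}
    for line in lines:
        m = _PIN.match(line)
        if m:
            pins[canonical(m.group(1))] = m.group(2)
    return pins


def installed_versions():
    """Return {canonical_name: version} for every distribution pip can see."""
    found = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            found[canonical(name)] = dist.version
    return found


def find_drift(pins, installed):
    """List (name, pinned, installed_or_None) where the environment differs.

    Assumption: versions are compared as exact strings, so '1.0' and '1.0.0'
    are reported as different even though PEP 440 treats them as equal.
    """
    drift = []
    for name, want in sorted(pins.items()):
        have = installed.get(name)
        if have != want:
            drift.append((name, want, have))
    return drift


if __name__ == "__main__":
    for name, want, have in find_drift(parse_pins(SAMPLE_PINS), installed_versions()):
        print(f"{name}: pinned {want}, installed {have or 'nothing'}")
```

Run inside the target venv or image after installation; any line of output means the environment does not match the pins.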